Windows Analysis Report
mdPov8VTwi.exe

Overview

General Information

Sample name: mdPov8VTwi.exe (renamed because the original name is a hash value)
Original sample name: 1993ad089d3aac67b807530545d56ec3.exe
Analysis ID: 1575753
MD5: 1993ad089d3aac67b807530545d56ec3
SHA1: d0915d407850675757b009f5f3e638278421840c
SHA256: a28740f6aff30052e217cb6960de51b5697248ed6902340ad275c0d4e832c763
Tags: exe, user-abuse_ch

Detection

Credential Flusher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • mdPov8VTwi.exe (PID: 6432 cmdline: "C:\Users\user\Desktop\mdPov8VTwi.exe" MD5: 1993AD089D3AAC67B807530545D56EC3)
    • taskkill.exe (PID: 6736 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 1444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6704 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 5672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 5828 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 4152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6752 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6400 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 5724 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 5172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 6764 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 504 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 6732 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 3564 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70d81a13-a225-4265-8ca9-40698a313c3e} 6732 "\\.\pipe\gecko-crash-server-pipe.6732" 1f154d6dd10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7844 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2512 -parentBuildID 20230927232528 -prefsHandle 4152 -prefMapHandle 4012 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ee53d91-f2db-4f57-847b-44ac09d70421} 6732 "\\.\pipe\gecko-crash-server-pipe.6732" 1f1672fbf10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7824 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5304 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5256 -prefMapHandle 5228 -prefsLen 33076 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {483d19b1-0be0-4d3d-8b1c-b6a9ab3ca66f} 6732 "\\.\pipe\gecko-crash-server-pipe.6732" 1f16dd04110 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Yara matches
Source: Process Memory Space: mdPov8VTwi.exe PID: 6432
Rule: JoeSecurity_CredentialFlusher
Description: Yara detected Credential Flusher
Author: Joe Security

No Sigma rule has matched
No Suricata rule has matched

    AV Detection

    Source: mdPov8VTwi.exe; Avira: detected
    Source: mdPov8VTwi.exe; Virustotal: Detection: 22%
    Source: mdPov8VTwi.exe; ReversingLabs: Detection: 36%
    Source: Submitted Sample; Integrated Neural Analysis Model: Matched 99.5% probability
    Source: mdPov8VTwi.exe; Joe Sandbox ML: detected
    Source: mdPov8VTwi.exe; Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: Binary string: userenv.pdb source: firefox.exe, 0000000E.00000003.2601143000.000001F168524000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Windows.UI.pdb source: firefox.exe, 0000000E.00000003.2580036783.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2599433030.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nlaapi.pdb source: firefox.exe, 0000000E.00000003.2606805641.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2602990660.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2571363013.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2592976334.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2615997678.000001F167A54000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569837982.000001F167A53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2616043588.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winhttp.pdb source: firefox.exe, 0000000E.00000003.2613654716.000001F168EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2580562704.000001F168EF2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msimg32.pdb source: firefox.exe, 0000000E.00000003.2614617620.000001F168DE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2564488912.000001F168DE4000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntasn1.pdb source: firefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623845007.000001F168EB6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: devobj.pdb source: firefox.exe, 0000000E.00000003.2592658384.000001F168319000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569584672.000001F168319000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2592890914.000001F167AE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569668279.000001F167AE9000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: d3d11.pdb source: firefox.exe, 0000000E.00000003.2591170277.000001F168999000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2600585478.000001F16899C000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.2588261603.000001F1628AC000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: 8Windows.Storage.pdb source: firefox.exe, 0000000E.00000003.2567628369.000001F168C21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2590576777.000001F168C21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2591170277.000001F1689CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2600211763.000001F1689CD000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dbghelp.pdb source: firefox.exe, 0000000E.00000003.2572325981.000001F167788000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2580875312.000001F167788000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2593959375.000001F167788000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8netprofm.pdb source: firefox.exe, 0000000E.00000003.2605979067.000001F16D75C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2562902700.000001F16D742000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2562329109.000001F16D74F000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: gdi32.pdb source: firefox.exe, 0000000E.00000003.2577460110.000001F166BE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2581701860.000001F166BE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2596256897.000001F166BE5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: profapi.pdb source: firefox.exe, 0000000E.00000003.2617534532.000001F167928000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: avrt.pdb source: firefox.exe, 0000000E.00000003.2613654716.000001F168EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2580562704.000001F168EF2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Windows.Globalization.pdb source: firefox.exe, 0000000E.00000003.2599433030.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2622836167.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: WLDP.pdb source: firefox.exe, 0000000E.00000003.2581622736.000001F1673A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2595621366.000001F1673A6000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8directmanipulation.pdb source: firefox.exe, 0000000E.00000003.2580036783.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2599433030.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: sechost.pdb source: firefox.exe, 0000000E.00000003.2577460110.000001F166BE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2581701860.000001F166BE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2596256897.000001F166BE5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8setupapi.pdb source: firefox.exe, 0000000E.00000003.2580036783.000001F16DC89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2599919306.000001F16DCA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DC89000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8vcruntime140_1.amd64.pdb source: firefox.exe, 0000000E.00000003.2563987526.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2613654716.000001F168E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: propsys.pdb source: firefox.exe, 0000000E.00000003.2581507285.000001F167746000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2574751767.000001F167735000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2595214196.000001F167746000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8lgpllibs.pdb source: firefox.exe, 0000000E.00000003.2563987526.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2613654716.000001F168E47000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623896054.000001F168EAA000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: 8gdi32full.pdb source: firefox.exe, 0000000E.00000003.2575542705.000001F167537000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2617885354.000001F167537000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2617534532.000001F167930000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8vcruntime140.amd64.pdb source: firefox.exe, 0000000E.00000003.2564488912.000001F168DB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2620628059.000001F165CC9000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winrnr.pdb source: firefox.exe, 0000000E.00000003.2602078827.000001F167A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2624272673.000001F167AA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569837982.000001F167A9B000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: npmproxy.pdb source: firefox.exe, 0000000E.00000003.2630498809.000001F1628B1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: msctf.pdb source: firefox.exe, 0000000E.00000003.2592658384.000001F168319000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569584672.000001F168319000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: version.pdb source: firefox.exe, 0000000E.00000003.2581507285.000001F167746000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2574751767.000001F167735000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2595214196.000001F167746000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dbgcore.pdb source: firefox.exe, 0000000E.00000003.2572325981.000001F167788000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2580875312.000001F167788000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2593959375.000001F167788000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mscms.pdb source: firefox.exe, 0000000E.00000003.2591537906.000001F1683FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2601143000.000001F168524000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2568002445.000001F1683FB000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: user32.pdb source: firefox.exe, 0000000E.00000003.2577460110.000001F166BE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2581701860.000001F166BE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2596256897.000001F166BE5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: twinapi.pdb source: firefox.exe, 0000000E.00000003.2592658384.000001F168319000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569584672.000001F168319000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8DataExchange.pdb source: firefox.exe, 0000000E.00000003.2599433030.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2622836167.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: 8wintrust.pdb source: firefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623896054.000001F168EAA000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: psapi.pdb source: firefox.exe, 0000000E.00000003.2572325981.000001F167788000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2580875312.000001F167788000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2593959375.000001F167788000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8WindowManagementAPI.pdb source: firefox.exe, 0000000E.00000003.2580036783.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2599433030.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntdll.pdb source: firefox.exe, 0000000E.00000003.2609032581.000001F16654C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2608355611.000001F1665B5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dxgi.pdb source: firefox.exe, 0000000E.00000003.2591585136.000001F1683D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2568064401.000001F1683D7000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8npmproxy.pdb source: firefox.exe, 0000000E.00000003.2605979067.000001F16D75C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2562329109.000001F16D74F000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Windows.UI.Immersive.pdb source: firefox.exe, 0000000E.00000003.2599433030.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2622836167.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntmarta.pdbP4 source: firefox.exe, 0000000E.00000003.2595764021.000001F16726D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2576622843.000001F16726D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2624740210.000001F16726D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: crypt32.pdb source: firefox.exe, 0000000E.00000003.2607978206.000001F1665D5000.00000004.00000800.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe Code function: 0_2_0014DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_0014DBBE
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe Code function: 0_2_0011C2A2 FindFirstFileExW,0_2_0011C2A2
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe Code function: 0_2_001568EE FindFirstFileW,FindClose,0_2_001568EE
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe Code function: 0_2_0015698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0015698F
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe Code function: 0_2_0014D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0014D076
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe Code function: 0_2_0014D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0014D3A9
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe Code function: 0_2_00159642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00159642
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe Code function: 0_2_0015979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0015979D
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe Code function: 0_2_00159B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00159B2B
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe Code function: 0_2_00155C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00155C97
    Source: firefox.exe Memory has grown: Private usage: 1MB later: 211MB
    Source: unknown Network traffic detected: DNS query count 31
    Source: Joe Sandbox View IP Address: 151.101.1.91
    Source: Joe Sandbox View IP Address: 34.149.100.209
    Source: Joe Sandbox View IP Address: 34.117.188.166
    Source: Joe Sandbox View JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1 (this entry is repeated 50 times in the report)
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe Code function: 0_2_0015CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0015CE44
    Source: global traffic HTTP traffic detected:
        GET /canonical.html HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cache-Control: no-cache
        Pragma: no-cache
        Connection: keep-alive
    Source: global traffic HTTP traffic detected:
        GET /success.txt?ipv4 HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: firefox.exe, 0000000E.00000003.2511825184.000001F1676DC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2564488912.000001F168DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2564488912.000001F168DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2612554709.000001F16D655000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2612554709.000001F16D655000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2564488912.000001F168DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2463629903.000001F166C67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2564488912.000001F168DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2606805641.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2602990660.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2571363013.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2606805641.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2602990660.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2571363013.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2606805641.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2602990660.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2571363013.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000015.00000002.3627331482.0000019F41C0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/& equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000015.00000002.3627331482.0000019F41C0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/& equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000015.00000002.3627331482.0000019F41C0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/& equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2631060654.000001F1628A1000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2629416221.000001F162862000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2628864112.000001F1628A1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2629416221.000001F162862000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: www.facebook.comRj equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2631060654.000001F1628A1000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2631323709.000001F1627D3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2629416221.000001F162862000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2612036079.000001F16DD63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2631323709.000001F1627D3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2629416221.000001F1627D3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com5 equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2629416221.000001F162862000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: www.youtube.comLMEM equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2626672960.000001F1654C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2607978206.000001F1665D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2626672960.000001F1654B4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: global traffic | DNS traffic detected: DNS query: youtube.com
    Source: global traffic | DNS traffic detected: DNS query: detectportal.firefox.com
    Source: global traffic | DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: contile.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: spocs.getpocket.com
    Source: global traffic | DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: example.org
    Source: global traffic | DNS traffic detected: DNS query: ipv4only.arpa
    Source: global traffic | DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: support.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: shavar.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: push.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: www.youtube.com
    Source: global traffic | DNS traffic detected: DNS query: www.wikipedia.org
    Source: global traffic | DNS traffic detected: DNS query: www.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: star-mini.c10r.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: dyna.wikimedia.org
    Source: global traffic | DNS traffic detected: DNS query: youtube-ui.l.google.com
    Source: global traffic | DNS traffic detected: DNS query: www.reddit.com
    Source: global traffic | DNS traffic detected: DNS query: twitter.com
    Source: global traffic | DNS traffic detected: DNS query: reddit.map.fastly.net
    Source: global traffic | DNS traffic detected: DNS query: services.addons.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: normandy.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:
    Source: firefox.exe, 0000000E.00000003.2563987526.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2613654716.000001F168E47000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
    Source: firefox.exe, 0000000E.00000003.2563987526.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2613654716.000001F168E47000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
    Source: firefox.exe, 0000000E.00000003.2563987526.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2613654716.000001F168E47000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
    Source: firefox.exe, 0000000E.00000003.2563987526.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2613654716.000001F168E47000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
    Source: firefox.exe, 0000000E.00000003.2583501177.000001F16286A000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: firefox.exe, 0000000E.00000003.2583270083.000001F1628AB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566497635.000001F16286A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2631323709.000001F162862000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583501177.000001F16286A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583270083.000001F162890000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2629416221.000001F162862000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: firefox.exe, 0000000E.00000003.2583501177.000001F16286A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583270083.000001F162890000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: firefox.exe, 0000000E.00000003.2583155672.000001F1628AC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583501177.000001F16286A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583270083.000001F162890000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: firefox.exe, 0000000E.00000003.2583270083.000001F1628AB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583501177.000001F16286A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583270083.000001F162890000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: firefox.exe, 0000000E.00000003.2583270083.000001F1628AB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583270083.000001F162890000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: firefox.exe, 0000000E.00000003.2583501177.000001F16286A000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: firefox.exe, 0000000E.00000003.2583155672.000001F1628AC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583501177.000001F16286A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583270083.000001F162890000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: firefox.exe, 0000000E.00000003.2583270083.000001F1628AB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583501177.000001F16286A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583270083.000001F162890000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: firefox.exe, 0000000E.00000003.2583501177.000001F16286A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583270083.000001F162890000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: firefox.exe, 0000000E.00000003.2583501177.000001F16286A000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: firefox.exe, 0000000E.00000003.2583501177.000001F16286A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583270083.000001F162890000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: firefox.exe, 0000000E.00000003.2600211763.000001F1689CD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com
    Source: firefox.exe, 0000000E.00000003.2625693085.000001F16556C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/
    Source: firefox.exe, 0000000E.00000003.2578736165.000001F16EF60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2580875312.000001F1677F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2593780094.000001F1677F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2625693085.000001F16556C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/canonical.html
    Source: firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
    Source: firefox.exe, 0000000E.00000003.2619061831.000001F167319000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
    Source: firefox.exe, 0000000E.00000003.2609869937.000001F166333000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://json-schema.org/draft-04/schema#
    Source: firefox.exe, 0000000E.00000003.2609869937.000001F166333000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://json-schema.org/draft-06/schema#
    Source: firefox.exe, 0000000E.00000003.2609869937.000001F166333000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://json-schema.org/draft-07/schema#-
    Source: firefox.exe, 0000000E.00000003.2609869937.000001F166333000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org
    Source: firefox.exe, 0000000E.00000003.2511031032.000001F1653F8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2469948483.000001F166485000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2607805440.000001F166A8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2595471076.000001F1673D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2512526295.000001F1653C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2475761299.000001F16674B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2483793289.000001F165FD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2592041426.000001F168399000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2592449832.000001F16834A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2470897314.000001F16649A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2567628369.000001F168C21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2522635466.000001F168BA0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2584665255.000001F1653E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2555252996.000001F1651A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2469948483.000001F166493000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2575542705.000001F167537000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2539021058.000001F16516E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2537116626.000001F166299000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2536671828.000001F166485000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2534990398.000001F1664E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2483793289.000001F165FEE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: firefox.exe, 0000000E.00000003.2583270083.000001F1628AB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583501177.000001F16286A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583270083.000001F162890000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0A
    Source: firefox.exe, 0000000E.00000003.2583270083.000001F1628AB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566497635.000001F16286A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2631323709.000001F162862000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583501177.000001F16286A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583270083.000001F162890000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2629416221.000001F162862000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ocsp.digicert.com0C
    Source: firefox.exe, 0000000E.00000003.2583501177.000001F16286A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583270083.000001F162890000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ocsp.digicert.com0N
    Source: firefox.exe, 0000000E.00000003.2583155672.000001F1628AC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583501177.000001F16286A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583270083.000001F162890000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0X
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ocsp.thawte.com0
    Source: firefox.exe, 0000000E.00000003.2577460110.000001F166BE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2596256897.000001F166BE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2581701860.000001F166BE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2579839574.000001F16ED8F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.i.lencr.org/0
    Source: firefox.exe, 0000000E.00000003.2577460110.000001F166BE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2596256897.000001F166BE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2581701860.000001F166BE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2579839574.000001F16ED8F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.o.lencr.org0
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: firefox.exe, 0000000E.00000003.2583501177.000001F16286A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2583270083.000001F162890000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.digicert.com/CPS0
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://www.mozilla.com0
    Source: firefox.exe, 0000000E.00000003.2601011429.000001F1685B5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/2005/app-updatex
    Source: firefox.exe, 0000000E.00000003.2563987526.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2613654716.000001F168E47000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/2006/browser/search/
    Source: firefox.exe, 0000000E.00000003.2618703994.000001F16737D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2604459305.000001F167374000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2463629903.000001F166C67000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2619061831.000001F167319000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2625693085.000001F16556C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
    Source: firefox.exe, 0000000E.00000003.2463629903.000001F166C67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://global/content/elements/moz-bu
    Source: mozilla-temp-41.14.dr | String found in binary or memory: http://www.videolan.org/x264.html
    Source: firefox.exe, 0000000E.00000003.2579839574.000001F16ED8F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
    Source: firefox.exe, 0000000E.00000003.2579839574.000001F16ED8F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
    Source: firefox.exe, 0000000E.00000003.2562902700.000001F16D73A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://MD8.mozilla.org/1/m
    Source: firefox.exe, 0000000E.00000003.2427572346.000001F164C00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428187009.000001F164E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427988264.000001F164E31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427819002.000001F164E0F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.duckduckgo.com/ac/
    Source: firefox.exe, 0000000E.00000003.2595764021.000001F16723E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2576622843.000001F16723E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://account.bellmedia.c
    Source: firefox.exe, 0000000E.00000003.2611529769.000001F16DDCD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com
    Source: firefox.exe, 0000000E.00000003.2591585136.000001F1683EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/settings/clients
    Source: firefox.exe, 0000000E.00000003.2567628369.000001F168C21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2590576777.000001F168C21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2520872079.000001F166847000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2520047665.000001F166728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2548107120.000001F166941000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-users/
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 0000000E.00000003.2612036079.000001F16DD63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 0000000E.00000003.2612036079.000001F16DD63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 0000000E.00000003.2612036079.000001F16DD63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 0000000E.00000003.2612036079.000001F16DD63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 0000000E.00000003.2612036079.000001F16DD63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 0000000E.00000003.2612554709.000001F16D655000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
    Source: firefox.exe, 0000000E.00000003.2626672960.000001F1654C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2626672960.000001F1654B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 0000000E.00000003.2612036079.000001F16DD63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 0000000E.00000003.2612036079.000001F16DD63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 0000000E.00000003.2595764021.000001F167282000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2595764021.000001F167282000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 0000000E.00000003.2561928644.000001F16DDEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2611169665.000001F16DDED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2625031928.000001F167177000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623485973.000001F168EC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 00000010.00000002.3628320789.0000024DA01C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3628423249.000002A4AE4E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3631444606.0000019F41F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
    Source: firefox.exe, 00000010.00000002.3628320789.0000024DA01C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3628423249.000002A4AE4E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3631444606.0000019F41F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
    Source: firefox.exe, 0000000E.00000003.2511031032.000001F1653B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 0000000E.00000003.2511031032.000001F1653B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 0000000E.00000003.2567628369.000001F168C21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2590576777.000001F168C21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
    Source: firefox.exe, 0000000E.00000003.2567628369.000001F168C21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2590576777.000001F168C21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
    Source: firefox.exe, 0000000E.00000003.2567628369.000001F168C21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2590576777.000001F168C21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
    Source: firefox.exe, 0000000E.00000003.2567628369.000001F168C21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2590576777.000001F168C21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
    Source: firefox.exe, 0000000E.00000003.2511031032.000001F1653B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000E.00000003.2511031032.000001F1653B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 0000000E.00000003.2511031032.000001F1653B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000E.00000003.2427572346.000001F164C00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428187009.000001F164E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427988264.000001F164E31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427819002.000001F164E0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000E.00000003.2564488912.000001F168DD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 00000010.00000002.3628320789.0000024DA01C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3628423249.000002A4AE4E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3631444606.0000019F41F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
    Source: firefox.exe, 00000010.00000002.3628320789.0000024DA01C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3628423249.000002A4AE4E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3631444606.0000019F41F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 0000000E.00000003.2623896054.000001F168EAA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2623896054.000001F168EAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623755065.000001F168EC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com0mkc
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000E.00000003.2511825184.000001F1676DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2580036783.000001F16DC89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DC89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2582486339.000001F16692E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2557913149.000001F1676D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000E.00000003.2469948483.000001F166493000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 0000000E.00000003.2427572346.000001F164C00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428187009.000001F164E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2534990398.000001F1664AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2525018863.000001F164D6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2439369541.000001F164D73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2627175810.000001F16548C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427988264.000001F164E31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427819002.000001F164E0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2625693085.000001F165586000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2469948483.000001F1664AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000E.00000003.2463629903.000001F166C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/y
    Source: firefox.exe, 0000000E.00000003.2601143000.000001F168524000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2567628369.000001F168C47000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2590576777.000001F168C47000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3628423249.000002A4AE412000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3627331482.0000019F41C13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.2465308412.000001F166252000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2467488570.000001F166249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
    Source: firefox.exe, 0000000E.00000003.2465308412.000001F166252000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2467488570.000001F166249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 0000000E.00000003.2467488570.000001F166249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000E.00000003.2615666424.000001F168CF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2565374405.000001F168CEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2601143000.000001F168595000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2597988138.000001F16EE64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 0000000E.00000003.2601143000.000001F168524000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2567628369.000001F168C47000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2590576777.000001F168C47000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3628423249.000002A4AE412000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3627331482.0000019F41C13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 00000012.00000002.3628423249.000002A4AE4C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3627331482.0000019F41CC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 00000012.00000002.3628423249.000002A4AE4C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3627331482.0000019F41CC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 0000000E.00000003.2590576777.000001F168C47000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3628423249.000002A4AE42F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3627331482.0000019F41C30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623943292.000001F168E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
    Source: firefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623943292.000001F168E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
    Source: firefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623943292.000001F168E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
    Source: firefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623943292.000001F168E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
    Source: firefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623943292.000001F168E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
    Source: firefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623943292.000001F168E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
    Source: firefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623943292.000001F168E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
    Source: firefox.exe, 00000012.00000002.3628423249.000002A4AE4C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3627331482.0000019F41CC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 0000000E.00000003.2567628369.000001F168C47000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2590576777.000001F168C47000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623943292.000001F168E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
    Source: firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-user-removal
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 0000000E.00000003.2467488570.000001F166249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
    Source: firefox.exe, 0000000E.00000003.2467488570.000001F166249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=spotlight
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 0000000E.00000003.2575542705.000001F1675CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2622703770.000001F16EF49000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2608630508.000001F1665A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2617885354.000001F1675CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2461383585.000001F1675EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
    Source: firefox.exe, 0000000E.00000003.2579839574.000001F16ED8F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2575542705.000001F16751D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
    Source: firefox.exe, 0000000E.00000003.2609869937.000001F166329000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
    Source: firefox.exe, 0000000E.00000003.2581872764.000001F1674AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2524481438.000001F16748C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2653592485.000001F1674AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
    Source: firefox.exe, 0000000E.00000003.2602840065.000001F167A5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569837982.000001F167A5D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
    Source: firefox.exe, 0000000E.00000003.2609869937.000001F166329000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 0000000E.00000003.2624176542.000001F168C6E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2567628369.000001F168C47000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2590576777.000001F168C47000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
    Source: firefox.exe, 0000000E.00000003.2627536834.000001F165481000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2463629903.000001F166C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
    Source: firefox.exe, 0000000E.00000003.2627536834.000001F165481000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
    Source: firefox.exe, 0000000E.00000003.2463629903.000001F166C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
    Source: firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 00000010.00000002.3628320789.0000024DA01C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3628423249.000002A4AE4E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3631444606.0000019F41F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
    Source: firefox.exe, 0000000E.00000003.2562902700.000001F16D742000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2620387968.000001F165CEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428187009.000001F164E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2534990398.000001F1664AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427988264.000001F164E31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427819002.000001F164E0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2469948483.000001F1664AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 0000000E.00000003.2627536834.000001F165481000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
    Source: firefox.exe, 0000000E.00000003.2627536834.000001F165481000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
    Source: firefox.exe, 0000000E.00000003.2612554709.000001F16D655000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
    Source: firefox.exe, 0000000E.00000003.2612554709.000001F16D655000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
    Source: firefox.exe, 0000000E.00000003.2583501177.000001F16286A000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 0000000E.00000003.2612554709.000001F16D655000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
    Source: firefox.exe, 0000000E.00000003.2627536834.000001F165481000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
    Source: firefox.exe, 0000000E.00000003.2564488912.000001F168DBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2612554709.000001F16D655000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
    Source: firefox.exe, 0000000E.00000003.2565374405.000001F168CD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
    Source: firefox.exe, 0000000E.00000003.2451661027.000001F16D4DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2452530925.000001F16D4E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2454083674.000001F16D48F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 0000000E.00000003.2427572346.000001F164C00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428187009.000001F164E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427988264.000001F164E31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427819002.000001F164E0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 0000000E.00000003.2427572346.000001F164C00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428187009.000001F164E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2534990398.000001F1664AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427988264.000001F164E31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427819002.000001F164E0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2469948483.000001F1664AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: firefox.exe, 0000000E.00000003.2478284977.000001F1668A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2481417123.000001F16689F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2480372032.000001F16689F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2482073781.000001F16689F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2481030215.000001F16689F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2479712459.000001F1668A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hulu.com/watch/
    Source: firefox.exe, 0000000E.00000003.2478284977.000001F1668A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2481417123.000001F16689F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2480372032.000001F16689F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2482073781.000001F16689F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2481030215.000001F16689F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2479712459.000001F1668A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.instagram.com/
    Source: firefox.exe, 0000000E.00000003.2463629903.000001F166C67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
    Source: firefox.exe, 0000000E.00000003.2565181291.000001F168D44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2562902700.000001F16D73C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2627175810.000001F16548C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: firefox.exe, 0000000E.00000003.2609869937.000001F166329000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
    Source: firefox.exe, 0000000E.00000003.2465308412.000001F166252000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2467488570.000001F166249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 0000000E.00000003.2612156015.000001F16DD47000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
    Source: firefox.exe, 0000000E.00000003.2609869937.000001F166329000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
    Source: firefox.exe, 0000000E.00000003.2622703770.000001F16EF49000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/
    Source: firefox.exe, 0000000E.00000003.2609869937.000001F166329000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2595172712.000001F167756000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 0000000E.00000003.2612036079.000001F16DD63000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 00000010.00000002.3628320789.0000024DA01C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3628423249.000002A4AE4C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3627331482.0000019F41CF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623943292.000001F168E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
    Source: firefox.exe, 00000015.00000002.3627331482.0000019F41CF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox//
    Source: firefox.exe, 00000010.00000002.3628320789.0000024DA01C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/7
    Source: firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp; String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623943292.000001F168E89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
    Source: firefox.exe, 0000000E.00000003.2595764021.000001F16726D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2576622843.000001F16726D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2624740210.000001F16726D000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://www.msn.com
    Source: firefox.exe, 0000000E.00000003.2627536834.000001F165481000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://www.olx.pl/
    Source: firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 00000010.00000002.3628320789.0000024DA01C8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3628423249.000002A4AE4E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3631444606.0000019F41F03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr; String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
    Source: firefox.exe, 0000000E.00000003.2610931599.000001F16ED73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2578736165.000001F16EF60000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://www.tiktok.com/
    Source: firefox.exe, 0000000E.00000003.2627536834.000001F165481000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://www.wykop.pl/
    Source: firefox.exe, 00000015.00000002.3627331482.0000019F41C0C000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 0000000E.00000003.2576472005.000001F1673B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2620387968.000001F165CE7000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://youtube.com
    Source: firefox.exe, 0000000E.00000003.2590576777.000001F168C21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2576622843.000001F16726D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2592285796.000001F168361000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2624740210.000001F16726D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2604230312.000001F1673D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569079046.000001F168361000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2576472005.000001F1673D1000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: https://youtube.com/
    Source: recovery.jsonlz4.tmp.14.dr; String found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 0000000E.00000003.2631323709.000001F1627D3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2629416221.000001F1627D3000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://youtube.com/account?=ht
    Source: firefox.exe, 00000015.00000002.3630677318.0000019F41D50000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://youtube.com/account?=https://ac
    Source: firefox.exe, 00000012.00000002.3627248548.000002A4AE3B0000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://youtube.com/account?=https://ac1
    Source: firefox.exe, 00000010.00000002.3626587942.0000024D9FE4A000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://youtube.com/account?=https://accounts.googl
    Source: firefox.exe, 0000000E.00000003.2569837982.000001F167A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2507238164.000001F167642000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2615808655.000001F1689E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2600211763.000001F1689E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2576472005.000001F1673D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2592119099.000001F168385000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3626587942.0000024D9FE40000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3626587942.0000024D9FE4A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3631359833.0000024DA0234000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3625599817.000002A4AE140000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3627248548.000002A4AE3B4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3625599817.000002A4AE14A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3630677318.0000019F41D54000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3625595668.0000019F4189A000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000C.00000002.2415118335.0000022267140000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.2422657628.00000226645FA000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 00000015.00000002.3625595668.0000019F4189A000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd-_
    Source: firefox.exe, 00000012.00000002.3625599817.000002A4AE14A000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd48
    Source: firefox.exe, 00000015.00000002.3625595668.0000019F41890000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd9_
    Source: firefox.exe, 00000010.00000002.3626587942.0000024D9FE40000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3631359833.0000024DA0234000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3625599817.000002A4AE140000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3627248548.000002A4AE3B4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3625595668.0000019F41890000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3630677318.0000019F41D54000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: mdPov8VTwi.exe, 00000000.00000003.2449498898.0000000001348000.00000004.00000020.00020000.00000000.sdmp, mdPov8VTwi.exe, 00000000.00000002.2471661253.0000000001358000.00000004.00000020.00020000.00000000.sdmp, mdPov8VTwi.exe, 00000000.00000003.2450239539.0000000001351000.00000004.00000020.00020000.00000000.sdmp, mdPov8VTwi.exe, 00000000.00000003.2445956366.0000000001341000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdgAE
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Code function: 0_2_0015EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_0015EAFF
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Code function: 0_2_0015ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, 0_2_0015ED6A
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Code function: 0_2_0014AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput, 0_2_0014AA57
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Code function: 0_2_00179576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, 0_2_00179576

    System Summary

    Source: mdPov8VTwi.exe; String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: mdPov8VTwi.exe, 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp; String found in binary or memory: This is a third-party compiled AutoIt script.memstr_f69f035a-0
    Source: mdPov8VTwi.exe; String found in binary or memory: This is a third-party compiled AutoIt script.memstr_1bbab606-e
    Source: C:\Program Files\Mozilla Firefox\firefox.exe; Code function: 18_2_000002A4AE3C50B7 NtQuerySystemInformation, 18_2_000002A4AE3C50B7
    Source: C:\Program Files\Mozilla Firefox\firefox.exe; Code function: 18_2_000002A4AE3EB2B2 NtQuerySystemInformation, 18_2_000002A4AE3EB2B2
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Code function: 0_2_0014D5EB: CreateFileW,DeviceIoControl,CloseHandle, 0_2_0014D5EB
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Code function: 0_2_00141201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_00141201
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Code function: 0_2_0014E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState, 0_2_0014E8F6
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Code function: String function: 000E9CB3 appears 31 times
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Code function: String function: 00100A30 appears 46 times
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Code function: String function: 000FF9F2 appears 40 times
    Source: mdPov8VTwi.exe; Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engine; Classification label: mal80.troj.evad.winEXE@34/34@66/12
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Code function: 0_2_001537B5 GetLastError,FormatMessageW, 0_2_001537B5
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Code function: 0_2_001410BF AdjustTokenPrivileges,CloseHandle, 0_2_001410BF
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Code function: 0_2_001416C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 0_2_001416C3
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Code function: 0_2_001551CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode, 0_2_001551CD
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Code function: 0_2_0014D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle, 0_2_0014D4DC
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Code function: 0_2_0015648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize, 0_2_0015648E
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Code function: 0_2_000E42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource, 0_2_000E42A2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe; File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5672:120:WilError_03
    Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4152:120:WilError_03
    Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1444:120:WilError_03
    Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5172:120:WilError_03
    Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6400:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe; File created: C:\Users\user\AppData\Local\Temp\firefox
    Source: mdPov8VTwi.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exe; File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 0000000E.00000003.2611458511.000001F16DDD0000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 0000000E.00000003.2611458511.000001F16DDD0000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 0000000E.00000003.2611458511.000001F16DDD0000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 0000000E.00000003.2611458511.000001F16DDD0000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 0000000E.00000003.2611458511.000001F16DDD0000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 0000000E.00000003.2611458511.000001F16DDD0000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 0000000E.00000003.2611458511.000001F16DDD0000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 0000000E.00000003.2611458511.000001F16DDD0000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 0000000E.00000003.2611458511.000001F16DDD0000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: mdPov8VTwi.exe; Virustotal: Detection: 22%
    Source: mdPov8VTwi.exe; ReversingLabs: Detection: 36%
    Source: unknown; Process created: C:\Users\user\Desktop\mdPov8VTwi.exe "C:\Users\user\Desktop\mdPov8VTwi.exe"
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknown; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70d81a13-a225-4265-8ca9-40698a313c3e} 6732 "\\.\pipe\gecko-crash-server-pipe.6732" 1f154d6dd10 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2512 -parentBuildID 20230927232528 -prefsHandle 4152 -prefMapHandle 4012 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ee53d91-f2db-4f57-847b-44ac09d70421} 6732 "\\.\pipe\gecko-crash-server-pipe.6732" 1f1672fbf10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5304 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5256 -prefMapHandle 5228 -prefsLen 33076 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {483d19b1-0be0-4d3d-8b1c-b6a9ab3ca66f} 6732 "\\.\pipe\gecko-crash-server-pipe.6732" 1f16dd04110 utility
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /TJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /TJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /TJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /TJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /TJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blockingJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blockingJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70d81a13-a225-4265-8ca9-40698a313c3e} 6732 "\\.\pipe\gecko-crash-server-pipe.6732" 1f154d6dd10 socketJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2512 -parentBuildID 20230927232528 -prefsHandle 4152 -prefMapHandle 4012 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ee53d91-f2db-4f57-847b-44ac09d70421} 6732 "\\.\pipe\gecko-crash-server-pipe.6732" 1f1672fbf10 rddJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5304 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5256 -prefMapHandle 5228 -prefsLen 33076 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {483d19b1-0be0-4d3d-8b1c-b6a9ab3ca66f} 6732 "\\.\pipe\gecko-crash-server-pipe.6732" 1f16dd04110 utilityJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: wsock32.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\mdPov8VTwi.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: mdPov8VTwi.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: mdPov8VTwi.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: mdPov8VTwi.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: mdPov8VTwi.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: mdPov8VTwi.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: mdPov8VTwi.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: mdPov8VTwi.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: UxTheme.pdb source: firefox.exe, 0000000E.00000003.2577460110.000001F166BE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2581701860.000001F166BE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2596256897.000001F166BE5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: rsaenh.pdb source: firefox.exe, 0000000E.00000003.2612462394.000001F16D724000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2612554709.000001F16D688000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563535445.000001F16D722000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: xWindows.Security.Integrity.pdb source: firefox.exe, 0000000E.00000003.2608630508.000001F1665A5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winsta.pdb source: firefox.exe, 0000000E.00000003.2592285796.000001F168361000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569079046.000001F168361000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ktmw32.pdb source: firefox.exe, 0000000E.00000003.2581507285.000001F167746000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2574751767.000001F167735000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2595214196.000001F167746000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: WscApi.pdb source: firefox.exe, 0000000E.00000003.2591170277.000001F168999000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2600585478.000001F16899C000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: npmproxy.pdbUGP source: firefox.exe, 0000000E.00000003.2630498809.000001F1628B1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000E.00000003.2617534532.000001F167928000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2628864112.000001F1628AB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: msvcrt.pdb source: firefox.exe, 0000000E.00000003.2577460110.000001F166BE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2581701860.000001F166BE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2596256897.000001F166BE5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: xWindows.StateRepositoryPS.pdb source: firefox.exe, 0000000E.00000003.2625693085.000001F16556C000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8WinTypes.pdb source: firefox.exe, 0000000E.00000003.2580036783.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2599433030.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000E.00000003.2587327612.000001F170A01000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: xul.pdb source: firefox.exe, 0000000E.00000003.2581507285.000001F167746000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2574751767.000001F167735000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2595214196.000001F167746000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nssckbi.pdb source: firefox.exe, 0000000E.00000003.2564364091.000001F168E2D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mozglue.pdb source: firefox.exe, 0000000E.00000003.2608355611.000001F1665B5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winnsi.pdb source: firefox.exe, 0000000E.00000003.2602078827.000001F167A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2624272673.000001F167AA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569837982.000001F167A9B000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dcomp.pdb source: firefox.exe, 0000000E.00000003.2591585136.000001F1683D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2591537906.000001F1683FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2568064401.000001F1683D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2568002445.000001F1683FB000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: cryptsp.pdb source: firefox.exe, 0000000E.00000003.2612554709.000001F16D688000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2613356097.000001F16D63F000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8dhcpcsvc6.pdb source: firefox.exe, 0000000E.00000003.2580036783.000001F16DC89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2599919306.000001F16DCA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DC50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DC89000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shell32.pdbbookmarks-mobile-bookmarks-menu source: firefox.exe, 0000000E.00000003.2619061831.000001F167319000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntmarta.pdb source: firefox.exe, 0000000E.00000003.2595764021.000001F16726D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2576622843.000001F16726D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2624740210.000001F16726D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: CLBCatQ.pdb source: firefox.exe, 0000000E.00000003.2617534532.000001F167928000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8twinapi.appcore.pdb source: firefox.exe, 0000000E.00000003.2599433030.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2622836167.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8kernelbase.pdb source: firefox.exe, 0000000E.00000003.2620628059.000001F165C6F000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shlwapi.pdb source: firefox.exe, 0000000E.00000003.2581622736.000001F1673A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2595621366.000001F1673A6000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.2588261603.000001F1628AC000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: 8CoreMessaging.pdb source: firefox.exe, 0000000E.00000003.2580036783.000001F16DCCC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2580036783.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCCC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2599433030.000001F16DCCC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2599433030.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: wsock32.pdbP4 source: firefox.exe, 0000000E.00000003.2575542705.000001F167537000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2617885354.000001F167537000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: win32u.pdb source: firefox.exe, 0000000E.00000003.2577460110.000001F166BE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2581701860.000001F166BE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2596256897.000001F166BE5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dwmapi.pdb source: firefox.exe, 0000000E.00000003.2592658384.000001F168319000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569584672.000001F168319000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8bcryptprimitives.pdb source: firefox.exe, 0000000E.00000003.2624694927.000001F16750E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: firefox.pdb source: firefox.exe, 0000000E.00000003.2609032581.000001F16654C000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: srvcli.pdb source: firefox.exe, 0000000E.00000003.2567628369.000001F168C47000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2590576777.000001F168C47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: imm32.pdb source: firefox.exe, 0000000E.00000003.2577460110.000001F166BE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2581701860.000001F166BE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2596256897.000001F166BE5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: freebl3.pdb source: firefox.exe, 0000000E.00000003.2614617620.000001F168DE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2564364091.000001F168E2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2564488912.000001F168DE4000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000E.00000003.2587327612.000001F170A01000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: ws2_32.pdb source: firefox.exe, 0000000E.00000003.2624694927.000001F16750E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mswsock.pdb source: firefox.exe, 0000000E.00000003.2602078827.000001F167A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2624272673.000001F167AA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569837982.000001F167A9B000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8gkcodecs.pdb source: firefox.exe, 0000000E.00000003.2564953630.000001F168DAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2564488912.000001F168DB1000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8iphlpapi.pdb source: firefox.exe, 0000000E.00000003.2605979067.000001F16D75C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2562329109.000001F16D74F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DC50000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nsi.pdb source: firefox.exe, 0000000E.00000003.2602078827.000001F167A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2624272673.000001F167AA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569837982.000001F167A9B000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msimg32.pdb`w source: firefox.exe, 0000000E.00000003.2564488912.000001F168DE4000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winmm.pdb source: firefox.exe, 0000000E.00000003.2617534532.000001F167928000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ole32.pdb source: firefox.exe, 0000000E.00000003.2595471076.000001F1673C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2604283631.000001F1673C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2576472005.000001F1673B5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8CoreUIComponents.pdb source: firefox.exe, 0000000E.00000003.2580036783.000001F16DCCC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCCC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2599433030.000001F16DCCC000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8cryptbase.pdb source: firefox.exe, 0000000E.00000003.2609032581.000001F166541000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8cfgmgr32.pdb source: firefox.exe, 0000000E.00000003.2580036783.000001F16DC89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2599919306.000001F16DCA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DC89000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msasn1.pdb source: firefox.exe, 0000000E.00000003.2593959375.000001F16775B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2573966495.000001F16775B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2572325981.000001F167788000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2580875312.000001F167788000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2593959375.000001F167788000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: DWrite.pdb source: firefox.exe, 0000000E.00000003.2572325981.000001F167788000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2580875312.000001F167788000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2593959375.000001F167788000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: combase.pdb source: firefox.exe, 0000000E.00000003.2577460110.000001F166BE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2581701860.000001F166BE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2596256897.000001F166BE5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shlwapi.pdb@ source: firefox.exe, 0000000E.00000003.2595471076.000001F1673C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2604283631.000001F1673C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2576472005.000001F1673B5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8dhcpcsvc.pdb source: firefox.exe, 0000000E.00000003.2580036783.000001F16DC89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2599919306.000001F16DCA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DC89000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.2629356584.000001F1628AC000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: 8msvcp140.amd64.pdb source: firefox.exe, 0000000E.00000003.2563987526.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2620628059.000001F165C6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2613654716.000001F168E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nss3.pdb source: firefox.exe, 0000000E.00000003.2595471076.000001F1673C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2595471076.000001F1673D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2604230312.000001F1673D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2604283631.000001F1673C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2576472005.000001F1673B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2576472005.000001F1673D1000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ncrypt.pdb source: firefox.exe, 0000000E.00000003.2564364091.000001F168E2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623845007.000001F168EB6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8webauthn.pdb source: firefox.exe, 0000000E.00000003.2562902700.000001F16D742000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2613602044.000001F16D605000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Kernel.Appcore.pdb source: firefox.exe, 0000000E.00000003.2602078827.000001F167A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2624272673.000001F167AA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569837982.000001F167A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2571363013.000001F16794A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2592976334.000001F16794A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8ColorAdapterClient.pdb source: firefox.exe, 0000000E.00000003.2599433030.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2622836167.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: wsock32.pdb source: firefox.exe, 0000000E.00000003.2624694927.000001F16750E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: UMPDC.pdb source: firefox.exe, 0000000E.00000003.2565181291.000001F168D44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2614617620.000001F168DE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2564488912.000001F168DE4000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: wininet.pdb source: firefox.exe, 0000000E.00000003.2564364091.000001F168E2D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8oleaut32.pdb source: firefox.exe, 0000000E.00000003.2568881529.000001F168380000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2591170277.000001F1689CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2600211763.000001F1689CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2592119099.000001F168380000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8kernel32.pdb source: firefox.exe, 0000000E.00000003.2622190961.000001F1655C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2625693085.000001F16556C000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mswsock.pdbvar(--in-content-page-color) source: firefox.exe, 0000000E.00000003.2615997678.000001F167A54000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569837982.000001F167A53000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8TextInputFramework.pdb source: firefox.exe, 0000000E.00000003.2580036783.000001F16DCCC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCCC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2599433030.000001F16DCCC000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: rpcrt4.pdb source: firefox.exe, 0000000E.00000003.2577460110.000001F166BE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2581701860.000001F166BE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2596256897.000001F166BE5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 0000000E.00000003.2606805641.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2602990660.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2571363013.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2592976334.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2616043588.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.2629356584.000001F1628AC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2617534532.000001F167928000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8InputHost.pdb source: firefox.exe, 0000000E.00000003.2580036783.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2599433030.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8ucrtbase.pdb source: firefox.exe, 0000000E.00000003.2620628059.000001F165C6F000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: xOneCoreUAPCommonProxyStub.pdb source: firefox.exe, 0000000E.00000003.2608630508.000001F1665A5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: twinapi.pdbP4 source: firefox.exe, 0000000E.00000003.2592658384.000001F168319000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569584672.000001F168319000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shcore.pdb source: firefox.exe, 0000000E.00000003.2581622736.000001F1673A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2595621366.000001F1673A6000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Bcp47mrm.pdb source: firefox.exe, 0000000E.00000003.2599433030.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2622836167.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbpref_suggest_data_collectionpref_suggest_nonsponsored@^=g source: firefox.exe, 0000000E.00000003.2617534532.000001F167928000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shell32.pdb source: firefox.exe, 0000000E.00000003.2595764021.000001F16726D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2576622843.000001F16726D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2624740210.000001F16726D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: sspicli.pdb source: firefox.exe, 0000000E.00000003.2564364091.000001F168E2D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Bcp47Langs.pdb source: firefox.exe, 0000000E.00000003.2599433030.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2622836167.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8wtsapi32.pdb source: firefox.exe, 0000000E.00000003.2580036783.000001F16DCCC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2580036783.000001F16DC89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2599919306.000001F16DCA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCCC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2599433030.000001F16DCCC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DC89000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8msvcp_win.pdb source: firefox.exe, 0000000E.00000003.2617534532.000001F167930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2571363013.000001F16794A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2592976334.000001F16794A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdbP^=g source: firefox.exe, 0000000E.00000003.2617534532.000001F167928000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000E.00000003.2628864112.000001F1628AB000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: dnsapi.pdb source: firefox.exe, 0000000E.00000003.2602078827.000001F167A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2624272673.000001F167AA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569837982.000001F167A9B000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: userenv.pdb source: firefox.exe, 0000000E.00000003.2601143000.000001F168524000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Windows.UI.pdb source: firefox.exe, 0000000E.00000003.2580036783.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2599433030.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nlaapi.pdb source: firefox.exe, 0000000E.00000003.2606805641.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2602990660.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2571363013.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2592976334.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2615997678.000001F167A54000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569837982.000001F167A53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2616043588.000001F1679DE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winhttp.pdb source: firefox.exe, 0000000E.00000003.2613654716.000001F168EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2580562704.000001F168EF2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msimg32.pdb source: firefox.exe, 0000000E.00000003.2614617620.000001F168DE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2564488912.000001F168DE4000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntasn1.pdb source: firefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623845007.000001F168EB6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: devobj.pdb source: firefox.exe, 0000000E.00000003.2592658384.000001F168319000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569584672.000001F168319000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2592890914.000001F167AE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569668279.000001F167AE9000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: d3d11.pdb source: firefox.exe, 0000000E.00000003.2591170277.000001F168999000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2600585478.000001F16899C000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.2588261603.000001F1628AC000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: 8Windows.Storage.pdb source: firefox.exe, 0000000E.00000003.2567628369.000001F168C21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2590576777.000001F168C21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2591170277.000001F1689CD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2600211763.000001F1689CD000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dbghelp.pdb source: firefox.exe, 0000000E.00000003.2572325981.000001F167788000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2580875312.000001F167788000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2593959375.000001F167788000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8netprofm.pdb source: firefox.exe, 0000000E.00000003.2605979067.000001F16D75C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2562902700.000001F16D742000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2562329109.000001F16D74F000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: gdi32.pdb source: firefox.exe, 0000000E.00000003.2577460110.000001F166BE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2581701860.000001F166BE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2596256897.000001F166BE5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: profapi.pdb source: firefox.exe, 0000000E.00000003.2617534532.000001F167928000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: avrt.pdb source: firefox.exe, 0000000E.00000003.2613654716.000001F168EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2580562704.000001F168EF2000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Windows.Globalization.pdb source: firefox.exe, 0000000E.00000003.2599433030.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2622836167.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: WLDP.pdb source: firefox.exe, 0000000E.00000003.2581622736.000001F1673A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2595621366.000001F1673A6000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8directmanipulation.pdb source: firefox.exe, 0000000E.00000003.2580036783.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2599433030.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: sechost.pdb source: firefox.exe, 0000000E.00000003.2577460110.000001F166BE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2581701860.000001F166BE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2596256897.000001F166BE5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8setupapi.pdb source: firefox.exe, 0000000E.00000003.2580036783.000001F16DC89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2599919306.000001F16DCA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DC89000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8vcruntime140_1.amd64.pdb source: firefox.exe, 0000000E.00000003.2563987526.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2613654716.000001F168E47000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: propsys.pdb source: firefox.exe, 0000000E.00000003.2581507285.000001F167746000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2574751767.000001F167735000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2595214196.000001F167746000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8lgpllibs.pdb source: firefox.exe, 0000000E.00000003.2563987526.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2613654716.000001F168E47000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623896054.000001F168EAA000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: 8gdi32full.pdb source: firefox.exe, 0000000E.00000003.2575542705.000001F167537000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2617885354.000001F167537000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2617534532.000001F167930000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8vcruntime140.amd64.pdb source: firefox.exe, 0000000E.00000003.2564488912.000001F168DB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2620628059.000001F165CC9000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winrnr.pdb source: firefox.exe, 0000000E.00000003.2602078827.000001F167A9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2624272673.000001F167AA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569837982.000001F167A9B000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: npmproxy.pdb source: firefox.exe, 0000000E.00000003.2630498809.000001F1628B1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: msctf.pdb source: firefox.exe, 0000000E.00000003.2592658384.000001F168319000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569584672.000001F168319000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: version.pdb source: firefox.exe, 0000000E.00000003.2581507285.000001F167746000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2574751767.000001F167735000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2595214196.000001F167746000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dbgcore.pdb source: firefox.exe, 0000000E.00000003.2572325981.000001F167788000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2580875312.000001F167788000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2593959375.000001F167788000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mscms.pdb source: firefox.exe, 0000000E.00000003.2591537906.000001F1683FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2601143000.000001F168524000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2568002445.000001F1683FB000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: user32.pdb source: firefox.exe, 0000000E.00000003.2577460110.000001F166BE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2581701860.000001F166BE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2596256897.000001F166BE5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: twinapi.pdb source: firefox.exe, 0000000E.00000003.2592658384.000001F168319000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569584672.000001F168319000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8DataExchange.pdb source: firefox.exe, 0000000E.00000003.2599433030.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2622836167.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: 8wintrust.pdb source: firefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623896054.000001F168EAA000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: psapi.pdb source: firefox.exe, 0000000E.00000003.2572325981.000001F167788000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2580875312.000001F167788000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2593959375.000001F167788000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8WindowManagementAPI.pdb source: firefox.exe, 0000000E.00000003.2580036783.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2599433030.000001F16DCD9000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntdll.pdb source: firefox.exe, 0000000E.00000003.2609032581.000001F16654C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2608355611.000001F1665B5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dxgi.pdb source: firefox.exe, 0000000E.00000003.2591585136.000001F1683D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2568064401.000001F1683D7000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8npmproxy.pdb source: firefox.exe, 0000000E.00000003.2605979067.000001F16D75C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2562329109.000001F16D74F000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Windows.UI.Immersive.pdb source: firefox.exe, 0000000E.00000003.2599433030.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2622836167.000001F16DCFD000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntmarta.pdbP4 source: firefox.exe, 0000000E.00000003.2595764021.000001F16726D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2576622843.000001F16726D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2624740210.000001F16726D000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: crypt32.pdb source: firefox.exe, 0000000E.00000003.2607978206.000001F1665D5000.00000004.00000800.00020000.00000000.sdmp
    Source: mdPov8VTwi.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: mdPov8VTwi.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: mdPov8VTwi.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: mdPov8VTwi.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: mdPov8VTwi.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe Code function: 0_2_000E42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_000E42DE
    Source: gmpopenh264.dll.tmp.14.dr Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe Code function: 0_2_00100A76 push ecx; ret 0_2_00100A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe Code function: 0_2_000FF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_000FF98E
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe Code function: 0_2_00171C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00171C41
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_000002A4AE3C50B7 rdtsc
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | API coverage: 3.9 %
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe TID: 6112 | Thread sleep count: 104 > 30
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe TID: 6112 | Thread sleep count: 186 > 30
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0014DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0011C2A2 FindFirstFileExW
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_001568EE FindFirstFileW,FindClose
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0015698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0014D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0014D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00159642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0015979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00159B2B FindFirstFileW,Sleep,FindNextFileW,FindClose
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00155C97 FindFirstFileW,FindNextFileW,FindClose
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_000E42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
    Source: mdPov8VTwi.exe, 00000000.00000002.2471703010.0000000001366000.00000004.00000020.00020000.00000000.sdmp, mdPov8VTwi.exe, 00000000.00000003.2449498898.0000000001366000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll$L
    Source: firefox.exe, 00000012.00000002.3631691419.000002A4AE960000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW0
    Source: firefox.exe, 00000010.00000002.3626587942.0000024D9FE4A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3625599817.000002A4AE14A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3631075497.0000019F41D60000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3625595668.0000019F4189A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
    Source: firefox.exe, 00000010.00000002.3631947317.0000024DA0317000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: mdPov8VTwi.exe, 00000000.00000003.2369536071.000000000118B000.00000004.00000020.00020000.00000000.sdmp, mdPov8VTwi.exe, 00000000.00000003.2465572761.000000000118B000.00000004.00000020.00020000.00000000.sdmp, mdPov8VTwi.exe, 00000000.00000003.2452498425.000000000118A000.00000004.00000020.00020000.00000000.sdmp, mdPov8VTwi.exe, 00000000.00000003.2467592806.000000000118B000.00000004.00000020.00020000.00000000.sdmp, mdPov8VTwi.exe, 00000000.00000003.2367254387.000000000118A000.00000004.00000020.00020000.00000000.sdmp, mdPov8VTwi.exe, 00000000.00000002.2471156581.000000000118B000.00000004.00000020.00020000.00000000.sdmp, mdPov8VTwi.exe, 00000000.00000003.2371505690.000000000118B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3632622646.0000024DA0400000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3631691419.000002A4AE960000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_000002A4AE3C50B7 rdtsc
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0015EAA2 BlockInput
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00112622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_000E42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00104CE8 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00140B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00112622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0010083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_001009D5 SetUnhandledExceptionFilter
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00100C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00141201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00122BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0014B226 SendInput,keybd_event
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_001622DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00140B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00141663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid
    Source: mdPov8VTwi.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: mdPov8VTwi.exe | Binary or memory string: Shell_TrayWnd
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00100698 cpuid
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0013D21C GetLocalTime
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0013D27A GetUserNameW
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_0011B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_000E42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo

    Stealing of Sensitive Information

    barindex
    Source: Yara match | File source: Process Memory Space: mdPov8VTwi.exe PID: 6432, type: MEMORYSTR
    Source: mdPov8VTwi.exe | Binary or memory string: WIN_81
    Source: mdPov8VTwi.exe | Binary or memory string: WIN_XP
    Source: mdPov8VTwi.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: mdPov8VTwi.exe | Binary or memory string: WIN_XPe
    Source: mdPov8VTwi.exe | Binary or memory string: WIN_VISTA
    Source: mdPov8VTwi.exe | Binary or memory string: WIN_7
    Source: mdPov8VTwi.exe | Binary or memory string: WIN_8

    Remote Access Functionality

    barindex
    Source: Yara match | File source: Process Memory Space: mdPov8VTwi.exe PID: 6432, type: MEMORYSTR
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00161204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket
    Source: C:\Users\user\Desktop\mdPov8VTwi.exe | Code function: 0_2_00161806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket

    MITRE ATT&CK Matrix (a number in front of a technique is the count of signatures mapped to it)

    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
    Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Process Injection | 1 Masquerading | Cached Domain Credentials | 11 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
    IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 2 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
    Behavior Graph (ID 1575753, sample mdPov8VTwi.exe, start date 16/12/2024, architecture WINDOWS, score 80): the graph shows mdPov8VTwi.exe starting three taskkill.exe instances and 3 other processes, each with a conhost.exe child; a separately started firefox.exe spawns a child firefox.exe that in turn starts three further firefox.exe processes, resolves youtube.com (142.250.181.110, port 443, local ports 49723, 49724, GOOGLEUS United States), prod.detectportal.prod.cloudops.mozgcp.net (34.107.221.82, ports 49725, 49731, 49732, GOOGLEUS United States) and 10 other IPs or domains, and drops C:\Users\user\AppData\...\gmpopenh264.dll.tmp and C:\Users\user\...\gmpopenh264.dll (copy), both PE32+. Top-level graph signatures: Antivirus / Scanner detection for submitted sample, Multi AV Scanner detection for submitted file, Yara detected Credential Flusher, 3 other signatures; signatures on mdPov8VTwi.exe: Binary is likely a compiled AutoIt script file, Found API chain indicative of sandbox detection; the graph also lists youtube.com, youtube-ui.l.google.com and 34 other IPs or domains.

    Source | Detection | Scanner | Label
    mdPov8VTwi.exe | 22% | Virustotal |
    mdPov8VTwi.exe | 37% | ReversingLabs | Win32.Trojan.Amadey
    mdPov8VTwi.exe | 100% | Avira | TR/ATRAPS.Gen
    mdPov8VTwi.exe | 100% | Joe Sandbox ML |

    Source | Detection | Scanner | Label
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | Virustotal |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | Virustotal |

    No Antivirus matches
    No Antivirus matches

    Source | Detection | Scanner | Label
    https://contile.services.mozilla.com0mkc | 0% | Avira URL Cloud | safe
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    example.org | 93.184.215.14 | true | false | | high
    star-mini.c10r.facebook.com | 157.240.196.35 | true | false | | high
    prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false | | high
    prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | | high
    twitter.com | 104.244.42.65 | true | false | | high
    prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false | | high
    services.addons.mozilla.org | 151.101.1.91 | true | false | | high
    dyna.wikimedia.org | 185.15.58.224 | true | false | | high
    prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false | | high
    contile.services.mozilla.com | 34.117.188.166 | true | false | | high
    youtube.com | 142.250.181.110 | true | false | | high
    prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | true | false | | high
    youtube-ui.l.google.com | 142.250.181.142 | true | false | | high
    us-west1.prod.sumo.prod.webservices.mozgcp.net | 34.149.128.2 | true | false | | high
    reddit.map.fastly.net | 151.101.65.140 | true | false | | high
    ipv4only.arpa | 192.0.0.171 | true | false | | high
    prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 | true | false | | high
    push.services.mozilla.com | 34.107.243.93 | true | false | | high
    normandy-cdn.services.mozilla.com | 35.201.103.21 | true | false | | high
    telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false | | high
    www.reddit.com | unknown | unknown | false | | high
    spocs.getpocket.com | unknown | unknown | false | | high
    content-signature-2.cdn.mozilla.net | unknown | unknown | false | | high
    support.mozilla.org | unknown | unknown | false | | high
    firefox.settings.services.mozilla.com | unknown | unknown | false | | high
    www.youtube.com | unknown | unknown | false | | high
    www.facebook.com | unknown | unknown | false | | high
    detectportal.firefox.com | unknown | unknown | false | | high
    normandy.cdn.mozilla.net | unknown | unknown | false | | high
    shavar.services.mozilla.com | unknown | unknown | false | | high
    www.wikipedia.org | unknown | unknown | false | | high
    Name | Source | Malicious | Antivirus Detection | Reputation
    https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox- | firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l | firefox.exe, 00000012.00000002.3628423249.000002A4AE4C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3627331482.0000019F41CC4000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://detectportal.firefox.com/ | firefox.exe, 0000000E.00000003.2625693085.000001F16556C000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://youtube.com/account?=https://ac1 | firefox.exe, 00000012.00000002.3627248548.000002A4AE3B0000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER% | firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://datastudio.google.com/embed/reporting/ | firefox.exe, 0000000E.00000003.2511825184.000001F1676DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2580036783.000001F16DC89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2561964520.000001F16DC89000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2582486339.000001F16692E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2557913149.000001F1676D0000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://www.mozilla.com0 | gmpopenh264.dll.tmp.14.dr | false | | high
    https://merino.services.mozilla.com/api/v1/suggest | firefox.exe, 00000012.00000002.3628423249.000002A4AE486000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3627331482.0000019F41C8F000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://json-schema.org/draft/2019-09/schema. | firefox.exe, 0000000E.00000003.2609869937.000001F166333000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect | firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://www.leboncoin.fr/ | firefox.exe, 0000000E.00000003.2463629903.000001F166C67000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://spocs.getpocket.com/spocs | firefox.exe, 0000000E.00000003.2627536834.000001F165475000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://shavar.services.mozilla.com | firefox.exe, 0000000E.00000003.2592976334.000001F16794A000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://completion.amazon.com/search/complete?q= | firefox.exe, 0000000E.00000003.2427572346.000001F164C00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428187009.000001F164E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427988264.000001F164E31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427819002.000001F164E0F000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report | firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://ads.stickyadstv.com/firefox-etp | firefox.exe, 0000000E.00000003.2626672960.000001F1654C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2626672960.000001F1654B4000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://identity.mozilla.com/ids/ecosystem_telemetryU | firefox.exe, 0000000E.00000003.2611593584.000001F16DDB9000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab | firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://monitor.firefox.com/breach-details/ | firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmp | false | | high
                                                                                                        https://contile.services.mozilla.com0mkcfirefox.exe, 0000000E.00000003.2613654716.000001F168E5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2623755065.000001F168EC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2563987526.000001F168E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://github.com/w3c/csswg-drafts/issues/4650firefox.exe, 0000000E.00000003.2567628369.000001F168C21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2590576777.000001F168C21000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEMfirefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://www.amazon.com/exec/obidos/external-search/firefox.exe, 0000000E.00000003.2562902700.000001F16D742000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2620387968.000001F165CEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2428187009.000001F164E52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2534990398.000001F1664AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427988264.000001F164E31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427819002.000001F164E0F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2469948483.000001F1664AB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://www.msn.comfirefox.exe, 0000000E.00000003.2595764021.000001F16726D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2576622843.000001F16726D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2624740210.000001F16726D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://github.com/mozilla-services/screenshotsfirefox.exe, 0000000E.00000003.2427572346.000001F164C00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427988264.000001F164E31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2427819002.000001F164E0F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-deffirefox.exe, 0000000E.00000003.2467488570.000001F166249000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://youtube.com/firefox.exe, 0000000E.00000003.2590576777.000001F168C21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2576622843.000001F16726D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2592285796.000001F168361000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2624740210.000001F16726D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2604230312.000001F1673D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2569079046.000001F168361000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2576472005.000001F1673D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://json-schema.org/draft/2020-12/schema/=firefox.exe, 0000000E.00000003.2609869937.000001F166333000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://youtube.com/account?=https://acfirefox.exe, 00000015.00000002.3630677318.0000019F41D50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=htfirefox.exe, 0000000E.00000003.2612036079.000001F16DD63000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://www.instagram.com/firefox.exe, 0000000E.00000003.2478284977.000001F1668A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2481417123.000001F16689F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2480372032.000001F16689F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2482073781.000001F16689F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2481030215.000001F16689F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2479712459.000001F1668A9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://api.accounts.firefox.com/v1firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiprefs-1.js.14.drfalse
                                                                                                                                          high
                                                                                                                                          https://www.amazon.com/firefox.exe, 0000000E.00000003.2566530912.000001F168E5B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://www.youtube.com/firefox.exe, 00000015.00000002.3627331482.0000019F41C0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://MD8.mozilla.org/1/mfirefox.exe, 0000000E.00000003.2562902700.000001F16D73A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000E.00000003.2612036079.000001F16DD63000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000012.00000002.3628423249.000002A4AE4C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3627331482.0000019F41CC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://127.0.0.1:firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000E.00000003.2511031032.000001F1653B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000E.00000003.2469948483.000001F166493000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://mitmdetection.services.mozilla.com/firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://youtube.com/account?=recovery.jsonlz4.tmp.14.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://shavar.services.mozilla.com/firefox.exe, 0000000E.00000003.2622703770.000001F16EF49000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://youtube.com/account?=https://accounts.googlfirefox.exe, 00000010.00000002.3626587942.0000024D9FE4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://spocs.getpocket.com/firefox.exe, 0000000E.00000003.2627536834.000001F165475000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2567628369.000001F168C47000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2590576777.000001F168C47000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3628423249.000002A4AE412000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3627331482.0000019F41C13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 0000000E.00000003.2567628369.000001F168C21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2590576777.000001F168C21000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://a9.com/-/spec/opensearch/1.0/firefox.exe, 0000000E.00000003.2563987526.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2566530912.000001F168E46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2613654716.000001F168E47000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://monitor.firefox.com/user/dashboardfirefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://monitor.firefox.com/aboutfirefox.exe, 00000010.00000002.3631690054.0000024DA0240000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3626691923.000002A4AE320000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3626917967.0000019F41A60000.00000002.10000000.00040000.00000000.sdmpfalse
Contacted IPs (IP, Domain, Country, Flag, ASN, ASN Name, Malicious)
                                                                                                                                                                                                                                                                        35.190.72.216
                                                                                                                                                                                                                                                                        prod.classify-client.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                        15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                        34.160.144.191
                                                                                                                                                                                                                                                                        prod.content-signature-chains.prod.webservices.mozgcp.netUnited States
                                                                                                                                                                                                                                                                        2686ATGS-MMD-ASUSfalse
                                                                                                                                                                                                                                                                        34.120.208.123
                                                                                                                                                                                                                                                                        telemetry-incoming.r53-2.services.mozilla.comUnited States
                                                                                                                                                                                                                                                                        15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                        IP
                                                                                                                                                                                                                                                                        127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1575753
Start date and time: 2024-12-16 09:52:17 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 40s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 22
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: mdPov8VTwi.exe
renamed because original name is a hash value
Original Sample Name: 1993ad089d3aac67b807530545d56ec3.exe
Detection: MAL
Classification: mal80.troj.evad.winEXE@34/34@66/12
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 49
• Number of non-executed functions: 294
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 54.213.181.160, 35.85.93.176, 44.228.225.150, 142.250.181.138, 172.217.17.46, 88.221.134.209, 88.221.134.155, 23.218.208.109, 172.202.163.200
• Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
• Not all processes were analyzed; the report is missing behavior information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
03:53:50 | API Interceptor | 1x Sleep call for process: firefox.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
34.117.188.166 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse |
34.117.188.166 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse |
34.117.188.166 | nmy4mJXEaz.exe | Get hash | malicious | Credential Flusher | Browse |
34.117.188.166 | 6eftz6UKDm.exe | Get hash | malicious | Credential Flusher | Browse |
34.117.188.166 | nmy4mJXEaz.exe | Get hash | malicious | Credential Flusher | Browse |
34.117.188.166 | 6eftz6UKDm.exe | Get hash | malicious | Credential Flusher | Browse |
34.117.188.166 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse |
34.117.188.166 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse |
34.117.188.166 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | Browse |
34.117.188.166 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | Browse |
151.101.1.91 | nmy4mJXEaz.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.1.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.1.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.1.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.1.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.1.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.1.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.1.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.1.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.1.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | nmy4mJXEaz.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | 6eftz6UKDm.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | nmy4mJXEaz.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | 6eftz6UKDm.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | Browse |
34.149.100.209 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Credential Flusher | Browse |
Match | Associated Sample Name / URL | Detection | Threat Name | Context
example.org
  file.exe | malicious | Amadey, LummaC Stealer, Vidar, Xmrig | 93.184.215.14
  file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 93.184.215.14
  file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 93.184.215.14
  nmy4mJXEaz.exe | malicious | Credential Flusher | 93.184.215.14
  6eftz6UKDm.exe | malicious | Credential Flusher | 93.184.215.14
  nmy4mJXEaz.exe | malicious | Credential Flusher | 93.184.215.14
  6eftz6UKDm.exe | malicious | Credential Flusher | 93.184.215.14
  file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 93.184.215.14
  file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 93.184.215.14
  file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | 93.184.215.14
star-mini.c10r.facebook.com
  https://zde.soundestlink.com/ce/c/675fab7ba82aca38b8d991e6/675fabf585cd17d1e3e2bb78/675fac13057112d43b540576?signature=da009f44f7cd45aeae4fbb5addf15ac91fbf725bb5e9405183f25bf1db8c8baa | malicious | Unknown | 157.240.196.35
  https://fsharetv.co/ | malicious | Unknown | 157.240.195.35
  nmy4mJXEaz.exe | malicious | Credential Flusher | 157.240.196.35
  6eftz6UKDm.exe | malicious | Credential Flusher | 157.240.195.35
  nmy4mJXEaz.exe | malicious | Credential Flusher | 157.240.196.35
  6eftz6UKDm.exe | malicious | Credential Flusher | 157.240.196.35
  file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 157.240.196.35
  file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | 157.240.196.35
  file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | 157.240.196.35
  https://qr.me-qr.com/nl/sWBHqqwx | malicious | Unknown | 157.240.196.35
twitter.com
  nmy4mJXEaz.exe | malicious | Credential Flusher | 104.244.42.65
  6eftz6UKDm.exe | malicious | Credential Flusher | 104.244.42.65
  nmy4mJXEaz.exe | malicious | Credential Flusher | 104.244.42.193
  6eftz6UKDm.exe | malicious | Credential Flusher | 104.244.42.193
  file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 104.244.42.1
  file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | 104.244.42.129
  file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | 104.244.42.65
  file.exe | malicious | Amadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, Stealc | 104.244.42.193
  file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 104.244.42.1
  file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | 104.244.42.65
Match | Associated Sample Name / URL | Detection | Threat Name | Context
FASTLYUS
  https://cavotec-au.sharefile.com/public/share/web-1271a93971714a91 | malicious | HTMLPhisher | 151.101.66.137
  https://omnirayoprah.cfd/orzbq | malicious | Unknown | 151.101.2.137
  https://zde.soundestlink.com/ce/c/675fab7ba82aca38b8d991e6/675fabf585cd17d1e3e2bb78/675fac13057112d43b540576?signature=da009f44f7cd45aeae4fbb5addf15ac91fbf725bb5e9405183f25bf1db8c8baa | malicious | Unknown | 151.101.2.137
  https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-7DW79067WM944534C%2FU-3RN06382B68072443%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=mv2NVEuUR9VvkcyUJ89EG.tzUFO5CbJFQUTSWg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-7DW79067WM944534C%2FU-3RN06382B68072443%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3Dmv2NVEuUR9VvkcyUJ89EG.tzUFO5CbJFQUTSWg%22%7D%7D&flowContextData=3VhkG6GfeMFpPs0RyY94VfaPuu2gnDuZkT0vO2-Owy5Q0TLELhHoBl0C3rYOuScB-P1puLFiHoe8q1yHNkorMrsQ-kVAt54br43PgY3iTrhwRm0aS_TYpgjIbliH5dfDJJr3q03bJkAa9vLd7Cr3oAjCQ5rfmoQCALWFn-qszHw7Rd_aj20-SECud0ZSxh-oKENUYjnmdRqAckr48r-ddvc-Vgo4zQnu7JkI5YB_1CxdutYkC-X7iD96T-7aDJhAmyxkfGKQ53prsK5Kys2hLiVrkCjSURM1RSmWzlwznlByQzHhv1R0VrGdaW03mCZt_U0pKOeWAwiNac8f&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=16a0a3c3-b960-11ef-862e-f3094488c6dd&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=16a0a3c3-b960-11ef-862e-f3094488c6dd&calc=f53338153f55e&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.295.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin | malicious | Unknown | 151.101.193.21
  http://18.224.21.137/FFmnpShhHMMWeIqsVa2rJ69xinQlZ-7450 | malicious | Unknown | 151.101.194.137
  https://fsharetv.co/ | malicious | Unknown | 151.101.65.16
  IGz.arm.elf | malicious | Mirai | 167.83.97.28
  nmy4mJXEaz.exe | malicious | Credential Flusher | 151.101.1.91
  6eftz6UKDm.exe | malicious | Credential Flusher | 151.101.193.91
  nmy4mJXEaz.exe | malicious | Credential Flusher | 151.101.193.91
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG
  arm6.elf | malicious | Unknown | 34.117.135.65
  file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 34.117.188.166
  armv5l.elf | malicious | Unknown | 34.119.157.208
  file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 34.117.188.166
  nmy4mJXEaz.exe | malicious | Credential Flusher | 34.117.188.166
  6eftz6UKDm.exe | malicious | Credential Flusher
                                                                                                                                                                                                                                                                                                                                    • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                    nmy4mJXEaz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                    • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                    6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                    • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                    • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                    • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                    ATGS-MMD-ASUS1.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 192.56.124.79
                                                                                                                                                                                                                                                                                                                                    arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 56.55.47.44
                                                                                                                                                                                                                                                                                                                                    arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 32.250.10.46
                                                                                                                                                                                                                                                                                                                                    sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 51.237.32.223
                                                                                                                                                                                                                                                                                                                                    ppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 48.169.33.91
                                                                                                                                                                                                                                                                                                                                    mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 33.210.242.0
                                                                                                                                                                                                                                                                                                                                    arm6.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 51.230.252.202
                                                                                                                                                                                                                                                                                                                                    m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 48.201.186.239
                                                                                                                                                                                                                                                                                                                                    arm7.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 33.22.199.122
                                                                                                                                                                                                                                                                                                                                    x86.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                    • 51.232.54.151
Match | Associated Sample Name / URL | Detection | Threat Name | Context
fb0aa01abe9d8e4037eb3473ca6e2dca
    file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
    nmy4mJXEaz.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
    6eftz6UKDm.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
    nmy4mJXEaz.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
    6eftz6UKDm.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
    file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
    file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
    file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
    file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
    file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | nmy4mJXEaz.exe | | malicious | Credential Flusher | Browse |
 | 6eftz6UKDm.exe | | malicious | Credential Flusher | Browse |
 | nmy4mJXEaz.exe | | malicious | Credential Flusher | Browse |
 | 6eftz6UKDm.exe | | malicious | Credential Flusher | Browse |
 | file.exe | | malicious | Credential Flusher | Browse |
 | file.exe | | malicious | Credential Flusher | Browse |
 | file.exe | | malicious | Credential Flusher | Browse |
 | file.exe | | malicious | Credential Flusher | Browse |
 | file.exe | | malicious | Credential Flusher | Browse |
 | file.exe | | malicious | Credential Flusher | Browse |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | nmy4mJXEaz.exe | | malicious | Credential Flusher | Browse |
 | 6eftz6UKDm.exe | | malicious | Credential Flusher | Browse |
 | nmy4mJXEaz.exe | | malicious | Credential Flusher | Browse |
 | 6eftz6UKDm.exe | | malicious | Credential Flusher | Browse |
 | file.exe | | malicious | Credential Flusher | Browse |
 | file.exe | | malicious | Credential Flusher | Browse |
 | file.exe | | malicious | Credential Flusher | Browse |
 | file.exe | | malicious | Credential Flusher | Browse |
 | file.exe | | malicious | Credential Flusher | Browse |
 | file.exe | | malicious | Credential Flusher | Browse |
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 7946
Entropy (8bit): 5.173791878257956
Encrypted: false
SSDEEP: 192:uBMXgCdcbhbVbTbfbRbObtbyEl7nMrdJA6unSrDtTkdxSofu:uiVcNhnzFSJsrY1nSrDhkdxa
MD5: BBD631674312540A69EB214500BDAAF0
SHA1: 6565A00885991C43BA8BDC9CA00A9F7607CBFE34
SHA-256: 1D75A36A0427F19017F3B4D0AC895360281EADD44C0F1A8ABDB3509C9BCED9C3
SHA-512: 72CF321C61EE6E12FF43675A4E561054FB6FFD67A8ADE7955A556BA368218B0D3C55B49EF4A9D4668A558B598D791FA2B8A25029300D5AC2F8A9DA3F2C1EBF43
Malicious: false
Preview: {"type":"uninstall","id":"80366d87-af8d-4b3b-9004-75ab738fa99c","creationDate":"2024-12-16T10:11:47.799Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"7340e351-fad3-4a0f-b554-971fbfafe8fb","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category: dropped
Size (bytes): 32768
Entropy (8bit): 0.4593089050301797
Encrypted: false
SSDEEP: 48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5: D910AD167F0217587501FDCDB33CC544
SHA1: 2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256: E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512: F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious: false
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: Zip archive data, at least v2.0 to extract, compression method=deflate
Category: dropped
Size (bytes): 453023
Entropy (8bit): 7.997718157581587
Encrypted: true
SSDEEP: 12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5: 85430BAED3398695717B0263807CF97C
SHA1: FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256: A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512: 06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious: false
                                                                                                                                                                                                                                                                                                                                                                            Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):4419
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.932773415264831
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:96:gXiNFS+OcPUFEOdwNIOdwBjvYVbsLA88P:gXiNFS+OcUGOdwiOdwBjkYLA88P
                                                                                                                                                                                                                                                                                                                                                                            MD5:7FCF691D574C9D91C76417EBB780AFCC
                                                                                                                                                                                                                                                                                                                                                                            SHA1:6DAFA305693117523902DDC94247CD5D0260A41A
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:0F9CE85B60E27040CC3F9B3AA2B03061A67E7ADB75D0F3EE3FBA3E2BC32C5E17
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:0B32614761F15294115744A2EBA045B57D41CCC1DD11FCBA8E2DF71AC1C22C5C5BFEFA9643ACA2C611B8BF7DE1CB924057AB5A4C88109C0263D74F957808D126
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:{"bookmarks-toolbar-default-on":{"slug":"bookmarks-toolbar-default-on","branch":{"slug":"treatment-a","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"enableBookmarksToolbar":"always"},"enabled":true,"featureId":"bookmarks"}]},"active":true,"enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201","experimentType":"nimbus","source":"rs-loader","userFacingName":"Bookmarks Toolbar Default On","userFacingDescription":"An experiment that turns the bookmarks toolbar on by default.","lastSeen":"2023-10-05T06:20:35.557Z","featureIds":["bookmarks"],"prefs":[{"name":"browser.toolbars.bookmarks.visibility","branch":"user","featureId":"bookmarks","variable":"enableBookmarksToolbar","originalValue":null}],"isRollout":false},"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-s
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):4419
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.932773415264831
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:96:gXiNFS+OcPUFEOdwNIOdwBjvYVbsLA88P:gXiNFS+OcUGOdwiOdwBjkYLA88P
                                                                                                                                                                                                                                                                                                                                                                            MD5:7FCF691D574C9D91C76417EBB780AFCC
                                                                                                                                                                                                                                                                                                                                                                            SHA1:6DAFA305693117523902DDC94247CD5D0260A41A
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:0F9CE85B60E27040CC3F9B3AA2B03061A67E7ADB75D0F3EE3FBA3E2BC32C5E17
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:0B32614761F15294115744A2EBA045B57D41CCC1DD11FCBA8E2DF71AC1C22C5C5BFEFA9643ACA2C611B8BF7DE1CB924057AB5A4C88109C0263D74F957808D126
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:{"bookmarks-toolbar-default-on":{"slug":"bookmarks-toolbar-default-on","branch":{"slug":"treatment-a","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"enableBookmarksToolbar":"always"},"enabled":true,"featureId":"bookmarks"}]},"active":true,"enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201","experimentType":"nimbus","source":"rs-loader","userFacingName":"Bookmarks Toolbar Default On","userFacingDescription":"An experiment that turns the bookmarks toolbar on by default.","lastSeen":"2023-10-05T06:20:35.557Z","featureIds":["bookmarks"],"prefs":[{"name":"browser.toolbars.bookmarks.visibility","branch":"user","featureId":"bookmarks","variable":"enableBookmarksToolbar","originalValue":null}],"isRollout":false},"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-s
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Mozilla lz4 compressed data, originally 22422 bytes
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):5308
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.599374203470186
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
                                                                                                                                                                                                                                                                                                                                                                            MD5:EB56C2F4DA9435F3D5574161F414CD17
                                                                                                                                                                                                                                                                                                                                                                            SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Mozilla lz4 compressed data, originally 22422 bytes
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):5308
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.599374203470186
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
                                                                                                                                                                                                                                                                                                                                                                            MD5:EB56C2F4DA9435F3D5574161F414CD17
                                                                                                                                                                                                                                                                                                                                                                            SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):3.91829583405449
Encrypted:false
SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
MD5:3088F0272D29FAA42ED452C5E8120B08
SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
Malicious:false
Preview:{"schema":6,"addons":[]}

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):24
Entropy (8bit):3.91829583405449
Encrypted:false
SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
MD5:3088F0272D29FAA42ED452C5E8120B08
SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
Malicious:false
Preview:{"schema":6,"addons":[]}

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
Category:dropped
Size (bytes):262144
Entropy (8bit):0.04905141882491872
Encrypted:false
SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
MD5:8736A542C5564A922C47B19D9CC5E0F2
SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 56 bytes
Category:dropped
Size (bytes):66
Entropy (8bit):4.837595020998689
Encrypted:false
SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:false
Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 56 bytes
Category:dropped
Size (bytes):66
Entropy (8bit):4.837595020998689
Encrypted:false
SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:false
Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.185052013683835
Encrypted:false
SSDEEP:768:AI4wvfCXh496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24U:AruBv3
MD5:10E2D85FEF0DB266E519048D63617FA8
SHA1:EBB307C44EBEFFA271AC58FDDE5C3A1BA52AE7B0
SHA-256:92143A48F55639B5BD01385D0E4E78EDED4F84401A91C12AC06251EE188CFE0E
SHA-512:164CBE725B44020AD40D165A1B1C242A7016ED8933AB9502D0D38E6CD99887D9DF49533DE54068AA4E5D8476C7791B52518A8477B8961475B7CB2C3AF54B81B1
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{87ef1fa3-cb84-4bbf-a615-45a1d14b629d}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.185052013683835
Encrypted:false
SSDEEP:768:AI4wvfCXh496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24U:AruBv3
MD5:10E2D85FEF0DB266E519048D63617FA8
SHA1:EBB307C44EBEFFA271AC58FDDE5C3A1BA52AE7B0
SHA-256:92143A48F55639B5BD01385D0E4E78EDED4F84401A91C12AC06251EE188CFE0E
SHA-512:164CBE725B44020AD40D165A1B1C242A7016ED8933AB9502D0D38E6CD99887D9DF49533DE54068AA4E5D8476C7791B52518A8477B8961475B7CB2C3AF54B81B1
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{87ef1fa3-cb84-4bbf-a615-45a1d14b629d}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:false
Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
Joe Sandbox View:
• Filename: nmy4mJXEaz.exe, Detection: malicious
• Filename: 6eftz6UKDm.exe, Detection: malicious
• Filename: nmy4mJXEaz.exe, Detection: malicious
• Filename: 6eftz6UKDm.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
Joe Sandbox View:
• Filename: nmy4mJXEaz.exe, Detection: malicious
• Filename: 6eftz6UKDm.exe, Detection: malicious
• Filename: nmy4mJXEaz.exe, Detection: malicious
• Filename: 6eftz6UKDm.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text
Category:dropped
Size (bytes):116
Entropy (8bit):4.968220104601006
Encrypted:false
SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:3D33CDC0B3D281E67DD52E14435DD04F
SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text
Category:dropped
Size (bytes):116
Entropy (8bit):4.968220104601006
Encrypted:false
SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:3D33CDC0B3D281E67DD52E14435DD04F
SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
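The two gmpopenh264.info entries above are benign Firefox files, but they are a convenient place to check how the report's per-file metrics are produced. The block below is an added example, not part of the Joe Sandbox report: it reconstructs the 116-byte file from the Preview line (the assumption is that each '.' standing in for a non-printable byte is a '\n', and that the '.' after "OpenH264" is the literal period Firefox ships in that line), recomputes size, 8-bit Shannon entropy and the MD5/SHA-1/SHA-256 digests, and compares them with the values the report lists. Agreement on size and entropy confirms the byte-for-byte reconstruction; the digest comparison is the stricter check.

```python
"""Recompute Joe Sandbox-style dropped-file metrics for the gmpopenh264.info entry.

Added example; the file body is reconstructed from the report's Preview line and
the reference values are copied from the report entry above.
"""
import hashlib
import math
from collections import Counter

# Reconstructed from the report's Preview line (assumption: each '.' shown for a
# non-printable byte is '\n'; the '.' after "OpenH264" is a literal period).
GMPOPENH264_INFO = (
    b"Name: gmpopenh264\n"
    b"Description: GMP Plugin for OpenH264.\n"
    b"Version: 1.8.1\n"
    b"APIs: encode-video[h264], decode-video[h264]\n"
)

# Values copied from the report entry for this file.
REPORTED = {
    "size": 116,
    "entropy": 4.968220104601006,
    "md5": "3D33CDC0B3D281E67DD52E14435DD04F",
    "sha1": "4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB",
    "sha256": "F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B",
}


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant input, 8.0 max."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def file_metrics(data: bytes) -> dict:
    """Size, 8-bit entropy and upper-case hex digests, in the report's own form."""
    return {
        "size": len(data),
        "entropy": shannon_entropy_8bit(data),
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
    }


def compare_with_report(data: bytes, reported: dict, tol: float = 1e-6) -> dict:
    """Map each reported field to True when recomputation agrees with the report.

    Entropy is compared with a tolerance because summation order differs between
    implementations; the other fields must match exactly.
    """
    got = file_metrics(data)
    result = {}
    for key, expected in reported.items():
        if key == "entropy":
            result[key] = abs(got[key] - expected) < tol
        else:
            result[key] = got[key] == expected
    return result


if __name__ == "__main__":
    for key, value in file_metrics(GMPOPENH264_INFO).items():
        print(f"{key}: {value}")
    print(compare_with_report(GMPOPENH264_INFO, REPORTED))
```

The same `file_metrics` call applied to the SQLite, WAL and "data" entries further down reproduces their near-zero entropies: those files are almost entirely zero padding, which is why they read 0.03 to 0.07 bits per byte even though the report shows a few non-zero header bytes in each Preview. The report's Encrypted flag is an entropy-driven heuristic (its exact threshold is not stated on this page), so a low value such as these never trips it, while packed or encrypted payloads approach 8 bits per byte.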

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):98304
Entropy (8bit):0.0733172216436143
Encrypted:false
SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zki+:DLhesh7Owd4+ji+
MD5:28A5A7D3CBECED8E35C0F8F9AAEA771D
SHA1:3C71C8DE66FDE386B33E9EA55D529C8616E74CE9
SHA-256:CCB05349FC6B3FBD96106ABF7EAF5A9146B8845521813C8ADC08499EA82BDD99
SHA-512:CD591173292E32CC09E0269BF8155573801D5CEF9FF8B49E372FFC8C3235A72AACF41EDED8C83D7A1BC6B2D8F52F4FC906A51EB45DE390A092621457C463459A
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.035822017202226504
Encrypted:false
SSDEEP:6:GtWteZ5it7hlmMzj4/tWteZ5it7hlmMz7Z89XuM:YYCMP4vYCMXZsuM
MD5:EC83C6915FC5D233DA9FF0532D662A63
SHA1:C9BC0930A405B340614B32A7A2315036422BF388
SHA-256:9BDB2DF2CEED9EC2B5F93161BE87DBE8D03F290F2BE9935A63A15A9645D0E8EF
SHA-512:41AA9D691140164702D37939B82F83073683BD9191F03C700B125DFB6662B83E4269F83103F0679F0182F3C0BF25D9F541EB8CC3E4A8094015F86018D3C58826
Malicious:false
Preview:..-........................A.G?C....j......l.@...-........................A.G?C....j......l.@.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite Write-Ahead Log, version 3007000
Category:dropped
Size (bytes):32824
Entropy (8bit):0.034838954259363224
Encrypted:false
SSDEEP:3:Ol1DPgS1aSclEXSKSrV//mwl8XW3R2:KZHGlECJpuw93w
MD5:4E7C6E8BE382DEE7F1B3C41260FD8AD8
SHA1:142C3705AAF8C63534036E88F8DC881C2119BA4D
SHA-256:9C88DE4804B284AA6C3889ABE1501F18C0F14E12CFA2C8E3CAD5D2E2F56EDFC2
SHA-512:2FDC01AD38636604FE6338783F318979EBDDB76F90087218FDF277317851E68CCA7A0CC098CC33D8701670701845782951142012D5645A5836CC7FE0F4D9B2EB
Malicious:false
Preview:7....-..............j......>.|.............j...A...C?G.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text, with very long lines (1717), with CRLF line terminators
Category:modified
Size (bytes):14081
Entropy (8bit):5.466372634866609
Encrypted:false
SSDEEP:192:znTFTRRUYbBp6ALZNMGaXr6qU44R6uzy+/3/7A35RYiNBw8daSl:/KepFNMSVVyCydwF0
                                                                                                                                                                                                                                                                                                                                                                            MD5:043BD956F5735895C5657758740B171B
                                                                                                                                                                                                                                                                                                                                                                            SHA1:87D0ABA69CF0319209A5111C025542276A326E53
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:FB0619FC3F5B120BED8B9990CFB47DF1BACA5C56CE41092406B781F576D0702D
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:9028A9815CD2AD47404CADC00D3789FB5ABA47D3CC497E96C721607648A60AF8517D8448CF3536E40ECCA9A110A01912FDD7F60918F777B0693C69B9CCADEB6C
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734343878);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734343878);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734343878);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173434
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):14081
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.466372634866609
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:192:znTFTRRUYbBp6ALZNMGaXr6qU44R6uzy+/3/7A35RYiNBw8daSl:/KepFNMSVVyCydwF0
                                                                                                                                                                                                                                                                                                                                                                            MD5:043BD956F5735895C5657758740B171B
                                                                                                                                                                                                                                                                                                                                                                            SHA1:87D0ABA69CF0319209A5111C025542276A326E53
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:FB0619FC3F5B120BED8B9990CFB47DF1BACA5C56CE41092406B781F576D0702D
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:9028A9815CD2AD47404CADC00D3789FB5ABA47D3CC497E96C721607648A60AF8517D8448CF3536E40ECCA9A110A01912FDD7F60918F777B0693C69B9CCADEB6C
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734343878);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734343878);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734343878);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173434
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                                                                                                                                                                                                                                                                                                                                            MD5:60C09456D6362C6FBED48C69AA342C3C
                                                                                                                                                                                                                                                                                                                                                                            SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                            MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                            SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                            MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                            SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Mozilla lz4 compressed data, originally 5861 bytes
Category:dropped
Size (bytes):1568
Entropy (8bit):6.340556318622307
Encrypted:false
SSDEEP:24:v+USUGlcAxShcLXnIgn/pnxQwRlsfT5sKL+3eHVvwKXToTamhujJmyOOxmOmaoRm:GUpOx2cpnR2C3eNwCToT4JNKRh4
MD5:3240A44649EE8545632BDF1D04B914B2
SHA1:991CCF30C225B9151C79311C5325E1DDB3FC4E27
SHA-256:92E379B929E4AC5F455951382505C373DFF70E8E3BAA111A5B006D507F28644B
SHA-512:F6F2DD46AD35808D5E4E9DAAE9DA97AE188C5E9A98B23A8AE7BAB865E89D1F6546513F72C8EDDA3947E66FB3EA2A350FF260212EA3D42799F8A0BA7B854403B8
Malicious:false
Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{9f316c80-f2c0-4759-9d19-d9c9e6894855}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1734343882964,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758..qdth":11....eight":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...46f3a197-db49-410a-81b3-94975c835573","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..P47446...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...Abfc0b67c202aaf415a5b7a51708a5c3270bb6f2f7664428a48797f00afbef6fc","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...55923,"originA...."fir
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 4, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):4096
Entropy (8bit):2.042811512334329
Encrypted:false
SSDEEP:24:JBkSldh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jkSWEUo9LXtR+JdkOnohYsl
MD5:21235938025E2102017AC8C9748948A4
SHA1:A1EED1C4588724A8396C95FC9923C0A33B360FF8
SHA-256:E34B06B180E3F73DC8E441650BB7FE694A9D58E927412D6ED40B0852B784824E
SHA-512:D334B419A2A75179C17D7F53BF65FCC132ADE03B21059F0007ACDBB08284A281D8CE1C1CC598E6A070024D0DAE158E2E9618E121342BE068E87A051FE33D6061
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4411
Entropy (8bit):5.00828359993172
Encrypted:false
SSDEEP:48:YrSAYOHqUQZpExB1+anOdW6VhOGVpWJzzcsYMsku7f86SLAVL775FtsfAcbyJFde:ycOCTEr5NfJzzcBvbw6Kkvrc2Rn27
MD5:E6D0E00EBD08C7C9F07F5B40C4A4167D
SHA1:F49F6C1E986E291D9F4C7FAAD59FD48EA8E0B9A0
SHA-256:9E066DE05F8AA633F39263954430AAD9BC141889902A1EEE2763AC3BF1771C08
SHA-512:C162AD8253386777BCEDF9CE9B777EF68FCD5C8CD28329B4D6828AFEEE0DA42CF4A19A8380CACE1EDA097CDEBB06BCA63958BB49CD99881EE295F7C5F97F6184
Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-16T10:11:03.218Z","profileAgeCreated":1696486829272,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.690216348347299
                                                                                                                                                                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                                                                                            File name:mdPov8VTwi.exe
                                                                                                                                                                                                                                                                                                                                                                            File size:964'608 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5:1993ad089d3aac67b807530545d56ec3
                                                                                                                                                                                                                                                                                                                                                                            SHA1:d0915d407850675757b009f5f3e638278421840c
                                                                                                                                                                                                                                                                                                                                                                            SHA256:a28740f6aff30052e217cb6960de51b5697248ed6902340ad275c0d4e832c763
                                                                                                                                                                                                                                                                                                                                                                            SHA512:c75c3c597a7de50e05181e5f0e951e041e565b22781e9deda49a2e71efe0a87d0e250c06ee8db65b5f5a36a1c747053881728a0961a7bdf7d6509935f84d61bf
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:24576:zqDEvCTbMWu7rQYlBQcBiT6rprG8arP0:zTvC/MTQYxsWR7ar
                                                                                                                                                                                                                                                                                                                                                                            TLSH:89259E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                                                                                                                                                                                                                                                                                                                            File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                                                                                                                                                                                                                                                                            Icon Hash:aaf3e3e3938382a0
                                                                                                                                                                                                                                                                                                                                                                            Entrypoint:0x420577
                                                                                                                                                                                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                                                                            Time Stamp:0x675FC5C7 [Mon Dec 16 06:16:39 2024 UTC]
                                                                                                                                                                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                                                                            OS Version Major:5
                                                                                                                                                                                                                                                                                                                                                                            OS Version Minor:1
                                                                                                                                                                                                                                                                                                                                                                            File Version Major:5
                                                                                                                                                                                                                                                                                                                                                                            File Version Minor:1
                                                                                                                                                                                                                                                                                                                                                                            Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                                                                                            Subsystem Version Minor:1
                                                                                                                                                                                                                                                                                                                                                                            Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                                                                                                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                                                                                                                                                                            call 00007FF34CEE7C03h
                                                                                                                                                                                                                                                                                                                                                                            jmp 00007FF34CEE750Fh
                                                                                                                                                                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                            push esi
                                                                                                                                                                                                                                                                                                                                                                            push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                                            mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                            call 00007FF34CEE76EDh
                                                                                                                                                                                                                                                                                                                                                                            mov dword ptr [esi], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                                            mov eax, esi
                                                                                                                                                                                                                                                                                                                                                                            pop esi
                                                                                                                                                                                                                                                                                                                                                                            pop ebp
                                                                                                                                                                                                                                                                                                                                                                            retn 0004h
                                                                                                                                                                                                                                                                                                                                                                            and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                            mov eax, ecx
                                                                                                                                                                                                                                                                                                                                                                            and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                            mov dword ptr [ecx+04h], 0049FDF8h
                                                                                                                                                                                                                                                                                                                                                                            mov dword ptr [ecx], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                                            ret
                                                                                                                                                                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                            push esi
                                                                                                                                                                                                                                                                                                                                                                            push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                                            mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                            call 00007FF34CEE76BAh
                                                                                                                                                                                                                                                                                                                                                                            mov dword ptr [esi], 0049FE0Ch
                                                                                                                                                                                                                                                                                                                                                                            mov eax, esi
                                                                                                                                                                                                                                                                                                                                                                            pop esi
                                                                                                                                                                                                                                                                                                                                                                            pop ebp
                                                                                                                                                                                                                                                                                                                                                                            retn 0004h
                                                                                                                                                                                                                                                                                                                                                                            and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                            mov eax, ecx
                                                                                                                                                                                                                                                                                                                                                                            and dword ptr [ecx+08h], 00000000h
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x14c64 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe9000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x14c64 | 0x14e00 | f9d330295aae50f96eaff8ea65343f3d | False | 0.6800383607784432 | data | 7.093705553194967 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xe9000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd4718 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd4840 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4968 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c50 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5c20 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd64c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd6a30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8fd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda080 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4e8 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xda538 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xda634 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdabc8 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb254 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb6e4 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbce0 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc33c | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc7a4 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc8fc | 0xbde8 | data | | | 1.000431956557512
RT_GROUP_ICON | 0xe86e4 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xe875c | 0x14 | data | English | Great Britain | 1.25
                                                                                                                                                                                                                                                                                                                                                                            RT_GROUP_ICON0xe87700x14dataEnglishGreat Britain1.15
                                                                                                                                                                                                                                                                                                                                                                            RT_GROUP_ICON0xe87840x14dataEnglishGreat Britain1.25
                                                                                                                                                                                                                                                                                                                                                                            RT_VERSION0xe87980xdcdataEnglishGreat Britain0.6181818181818182
                                                                                                                                                                                                                                                                                                                                                                            RT_MANIFEST0xe88740x3efASCII text, with CRLF line terminatorsEnglishGreat Britain0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
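Most of the static "Contains functionality to ..." signatures in this report are derived from the import table above: bind/listen/accept give "open a port and listen", BlockInput gives "block mouse and keyboard input", OpenClipboard/GetClipboardData give "read the clipboard data", OpenProcess/VirtualAllocEx/WriteProcessMemory give the injection primitive, and LogonUserW/CreateProcessAsUserW give "launch a process as a different user". The caveat a triage analyst needs here is that the report also flags the binary as a likely compiled AutoIt script, and a compiled AutoIt script is the AutoIt interpreter stub with the script appended; the import table is the stub's and is the same for every compiled AutoIt script, so these hits describe what the interpreter can do, not what this particular script does. The following is an added example (not code from the Joe Sandbox report and not its signature logic) that reproduces that import-to-capability mapping over a subset of the imports listed above and includes a baseline diff, which is the check that separates stub capabilities from anything a packer or builder added. The rule set, labels and the `novel_imports` helper are this example's own assumptions.

```python
"""Map a PE import table onto coarse capability labels.

Added example, not part of the Joe Sandbox report or of any Joe Sandbox
signature logic. SAMPLE_IMPORTS is transcribed from the report's DLL/Import
table for mdPov8VTwi.exe (a subset); the rule table, labels and function
names here are this example's own choices.
"""
from typing import Dict, Iterable, List, Set, Tuple

# Subset of the imports listed in the report, keyed by DLL (constructed from the table).
SAMPLE_IMPORTS: Dict[str, Set[str]] = {
    "WSOCK32.dll": {"socket", "bind", "listen", "accept", "connect", "send", "recv"},
    "WININET.dll": {"InternetOpenW", "InternetOpenUrlW", "InternetReadFile",
                    "HttpSendRequestW"},
    "KERNEL32.dll": {"IsDebuggerPresent", "QueryPerformanceCounter", "OpenProcess",
                     "VirtualAllocEx", "WriteProcessMemory", "ReadProcessMemory",
                     "CreateToolhelp32Snapshot", "DeviceIoControl", "LoadLibraryA",
                     "GetProcAddress"},
    "USER32.dll": {"BlockInput", "OpenClipboard", "GetClipboardData", "SetClipboardData",
                   "GetAsyncKeyState", "GetKeyState", "SendInput", "keybd_event"},
    "ADVAPI32.dll": {"LogonUserW", "CreateProcessAsUserW", "CreateProcessWithLogonW",
                     "AdjustTokenPrivileges", "LookupPrivilegeValueW", "OpenProcessToken"},
}

# A rule fires only when every listed API is imported: OpenProcess alone says
# little, OpenProcess + VirtualAllocEx + WriteProcessMemory is the injection
# primitive. (Assumed rule set for illustration, not the sandbox's definitions.)
CAPABILITY_RULES: List[Tuple[str, Set[str]]] = [
    ("listens for inbound connections", {"socket", "bind", "listen", "accept"}),
    ("outbound HTTP via WinINet", {"InternetOpenW", "HttpSendRequestW", "InternetReadFile"}),
    ("debugger presence check", {"IsDebuggerPresent"}),
    ("execution-timing check", {"QueryPerformanceCounter"}),
    ("blocks keyboard and mouse input", {"BlockInput"}),
    ("reads clipboard", {"OpenClipboard", "GetClipboardData"}),
    ("writes clipboard", {"OpenClipboard", "SetClipboardData"}),
    ("polls keystrokes", {"GetAsyncKeyState"}),
    ("remote process memory write", {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory"}),
    ("runs a program as another user", {"LogonUserW", "CreateProcessAsUserW"}),
    ("adjusts token privileges",
     {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"}),
    ("dynamic API resolution", {"LoadLibraryA", "GetProcAddress"}),
    ("talks to device drivers", {"DeviceIoControl"}),
]


def flatten(imports: Dict[str, Iterable[str]]) -> Set[str]:
    """Collapse a DLL->functions map into one case-insensitive set of names."""
    return {f.lower() for funcs in imports.values() for f in funcs}


def match_capabilities(imports: Dict[str, Iterable[str]]) -> List[str]:
    """Return the labels of all rules whose full API set is imported."""
    present = flatten(imports)
    return [label for label, needed in CAPABILITY_RULES
            if {f.lower() for f in needed} <= present]


def novel_imports(sample: Dict[str, Iterable[str]],
                  baseline: Dict[str, Iterable[str]]) -> Set[str]:
    """APIs the sample imports that a known-good baseline binary does not.

    For a compiled AutoIt script the import table belongs to the bundled
    interpreter stub, so diffing against a clean stub of the same version is
    what separates stub capabilities from anything added on top. The caller
    supplies the baseline (e.g. the imports of a clean AutoIt3 stub).
    """
    return flatten(sample) - flatten(baseline)


if __name__ == "__main__":
    for label in match_capabilities(SAMPLE_IMPORTS):
        print("import-derived capability:", label)
```

Run against the import subset above, every rule fires, which is exactly why an import-only view overstates this sample: the same list would fire for a harmless AutoIt GUI tool. The dynamic signatures in the report (the network connections, the credential-flusher YARA hit) carry the weight; the import-derived ones are context.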
Language of compilation system | Country where language is spoken
English | Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 16, 2024 09:53:45.776376963 CET | 49722 | 443 | 192.168.2.6 | 35.190.72.216
Dec 16, 2024 09:53:45.776413918 CET | 443 | 49722 | 35.190.72.216 | 192.168.2.6
Dec 16, 2024 09:53:45.776743889 CET | 49722 | 443 | 192.168.2.6 | 35.190.72.216
Dec 16, 2024 09:53:45.782273054 CET | 49722 | 443 | 192.168.2.6 | 35.190.72.216
Dec 16, 2024 09:53:45.782293081 CET | 443 | 49722 | 35.190.72.216 | 192.168.2.6
Dec 16, 2024 09:53:45.782771111 CET | 49723 | 443 | 192.168.2.6 | 142.250.181.110
Dec 16, 2024 09:53:45.782803059 CET | 443 | 49723 | 142.250.181.110 | 192.168.2.6
Dec 16, 2024 09:53:45.782871962 CET | 49723 | 443 | 192.168.2.6 | 142.250.181.110
Dec 16, 2024 09:53:45.782926083 CET | 49724 | 443 | 192.168.2.6 | 142.250.181.110
Dec 16, 2024 09:53:45.783050060 CET | 443 | 49724 | 142.250.181.110 | 192.168.2.6
Dec 16, 2024 09:53:45.783112049 CET | 49724 | 443 | 192.168.2.6 | 142.250.181.110
Dec 16, 2024 09:53:45.784301043 CET | 49723 | 443 | 192.168.2.6 | 142.250.181.110
Dec 16, 2024 09:53:45.784316063 CET | 443 | 49723 | 142.250.181.110 | 192.168.2.6
Dec 16, 2024 09:53:45.785640001 CET | 49724 | 443 | 192.168.2.6 | 142.250.181.110
Dec 16, 2024 09:53:45.785681963 CET | 443 | 49724 | 142.250.181.110 | 192.168.2.6
Dec 16, 2024 09:53:45.790185928 CET | 49725 | 80 | 192.168.2.6 | 34.107.221.82
Dec 16, 2024 09:53:45.909894943 CET | 80 | 49725 | 34.107.221.82 | 192.168.2.6
Dec 16, 2024 09:53:45.913897991 CET | 49725 | 80 | 192.168.2.6 | 34.107.221.82
Dec 16, 2024 09:53:45.914064884 CET | 49725 | 80 | 192.168.2.6 | 34.107.221.82
Dec 16, 2024 09:53:46.033749104 CET | 80 | 49725 | 34.107.221.82 | 192.168.2.6
Dec 16, 2024 09:53:46.438945055 CET | 49726 | 443 | 192.168.2.6 | 34.117.188.166
Dec 16, 2024 09:53:46.438990116 CET | 443 | 49726 | 34.117.188.166 | 192.168.2.6
Dec 16, 2024 09:53:46.439238071 CET | 49726 | 443 | 192.168.2.6 | 34.117.188.166
Dec 16, 2024 09:53:46.440727949 CET | 49726 | 443 | 192.168.2.6 | 34.117.188.166
Dec 16, 2024 09:53:46.440746069 CET | 443 | 49726 | 34.117.188.166 | 192.168.2.6
Dec 16, 2024 09:53:46.568726063 CET | 49727 | 443 | 192.168.2.6 | 35.244.181.201
Dec 16, 2024 09:53:46.568772078 CET | 443 | 49727 | 35.244.181.201 | 192.168.2.6
Dec 16, 2024 09:53:46.568921089 CET | 49727 | 443 | 192.168.2.6 | 35.244.181.201
Dec 16, 2024 09:53:46.569032907 CET | 49727 | 443 | 192.168.2.6 | 35.244.181.201
Dec 16, 2024 09:53:46.569045067 CET | 443 | 49727 | 35.244.181.201 | 192.168.2.6
Dec 16, 2024 09:53:46.962858915 CET | 49729 | 443 | 192.168.2.6 | 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:46.962927103 CET4434972934.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:46.963146925 CET49729443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:46.964910030 CET49729443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:46.964947939 CET4434972934.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:46.999999046 CET4434972235.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.000138998 CET49722443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.005693913 CET804972534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.009893894 CET49722443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.009907007 CET4434972235.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.010016918 CET49722443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.010173082 CET4434972235.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.010241032 CET49722443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.064131021 CET4972580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.183995962 CET804972534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.218605042 CET49730443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.218648911 CET4434973034.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.219238997 CET49730443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.219373941 CET49730443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.219383955 CET4434973034.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.220053911 CET4973180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.339976072 CET804973134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.340390921 CET4973180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.340617895 CET4973180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.379321098 CET804972534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.431476116 CET4972580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.460268021 CET804973134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.468641043 CET4973180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.476510048 CET4973280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.482178926 CET44349724142.250.181.110192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.482300997 CET44349723142.250.181.110192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.483222008 CET44349724142.250.181.110192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.483259916 CET44349723142.250.181.110192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.483477116 CET49723443192.168.2.6142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.483478069 CET49724443192.168.2.6142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.483484983 CET44349723142.250.181.110192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.483498096 CET44349724142.250.181.110192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.490433931 CET49723443192.168.2.6142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.490447998 CET44349723142.250.181.110192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.490555048 CET49723443192.168.2.6142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.490695000 CET44349723142.250.181.110192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.493161917 CET49724443192.168.2.6142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.493201017 CET44349724142.250.181.110192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.493240118 CET49724443192.168.2.6142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.493388891 CET44349724142.250.181.110192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.495237112 CET49723443192.168.2.6142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.496514082 CET49724443192.168.2.6142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.596268892 CET804973234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.596353054 CET4973280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.596543074 CET4973280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.629340887 CET804973134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.662985086 CET4434972634.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.663094997 CET49726443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.668478012 CET49726443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.668504953 CET4434972634.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.668607950 CET49726443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.668715954 CET4434972634.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.669130087 CET49726443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.669132948 CET49734443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.669176102 CET4434973434.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.669275045 CET49734443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.670641899 CET49734443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.670654058 CET4434973434.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.716320992 CET804973234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.784060955 CET4434972735.244.181.201192.168.2.6
Dec 16, 2024 09:53:47.787647963 CET  49727  443  192.168.2.6  35.244.181.201
Dec 16, 2024 09:53:47.791333914 CET  49727  443  192.168.2.6  35.244.181.201
Dec 16, 2024 09:53:47.791357040 CET  443  49727  35.244.181.201  192.168.2.6
Dec 16, 2024 09:53:47.791630030 CET  443  49727  35.244.181.201  192.168.2.6
Dec 16, 2024 09:53:47.792946100 CET  49727  443  192.168.2.6  35.244.181.201
Dec 16, 2024 09:53:47.792946100 CET  49727  443  192.168.2.6  35.244.181.201
Dec 16, 2024 09:53:47.793097973 CET  443  49727  35.244.181.201  192.168.2.6
Dec 16, 2024 09:53:47.793204069 CET  49727  443  192.168.2.6  35.244.181.201
Dec 16, 2024 09:53:47.793204069 CET  49727  443  192.168.2.6  35.244.181.201
Dec 16, 2024 09:53:48.008954048 CET  49725  80  192.168.2.6  34.107.221.82
Dec 16, 2024 09:53:48.011317015 CET  49735  80  192.168.2.6  34.107.221.82
Dec 16, 2024 09:53:48.129358053 CET  80  49725  34.107.221.82  192.168.2.6
Dec 16, 2024 09:53:48.129431009 CET  49725  80  192.168.2.6  34.107.221.82
Dec 16, 2024 09:53:48.131072998 CET  80  49735  34.107.221.82  192.168.2.6
Dec 16, 2024 09:53:48.131155014 CET  49735  80  192.168.2.6  34.107.221.82
Dec 16, 2024 09:53:48.131356001 CET  49735  80  192.168.2.6  34.107.221.82
Dec 16, 2024 09:53:48.189371109 CET  443  49729  34.117.188.166  192.168.2.6
Dec 16, 2024 09:53:48.191390991 CET  49729  443  192.168.2.6  34.117.188.166
Dec 16, 2024 09:53:48.198162079 CET  49729  443  192.168.2.6  34.117.188.166
Dec 16, 2024 09:53:48.198204994 CET  443  49729  34.117.188.166  192.168.2.6
Dec 16, 2024 09:53:48.198323965 CET  49729  443  192.168.2.6  34.117.188.166
Dec 16, 2024 09:53:48.198451996 CET  443  49729  34.117.188.166  192.168.2.6
Dec 16, 2024 09:53:48.198782921 CET  49729  443  192.168.2.6  34.117.188.166
Dec 16, 2024 09:53:48.231602907 CET  80  49731  34.107.221.82  192.168.2.6
Dec 16, 2024 09:53:48.231669903 CET  49731  80  192.168.2.6  34.107.221.82
Dec 16, 2024 09:53:48.251028061 CET  80  49735  34.107.221.82  192.168.2.6
Dec 16, 2024 09:53:48.333815098 CET  49736  443  192.168.2.6  34.117.188.166
Dec 16, 2024 09:53:48.333863974 CET  443  49736  34.117.188.166  192.168.2.6
Dec 16, 2024 09:53:48.348947048 CET  49736  443  192.168.2.6  34.117.188.166
Dec 16, 2024 09:53:48.350719929 CET  49736  443  192.168.2.6  34.117.188.166
Dec 16, 2024 09:53:48.350743055 CET  443  49736  34.117.188.166  192.168.2.6
Dec 16, 2024 09:53:48.434093952 CET  443  49730  34.160.144.191  192.168.2.6
Dec 16, 2024 09:53:48.438195944 CET  49730  443  192.168.2.6  34.160.144.191
Dec 16, 2024 09:53:48.441112995 CET  49730  443  192.168.2.6  34.160.144.191
Dec 16, 2024 09:53:48.441119909 CET  443  49730  34.160.144.191  192.168.2.6
Dec 16, 2024 09:53:48.441437960 CET  443  49730  34.160.144.191  192.168.2.6
Dec 16, 2024 09:53:48.444514036 CET  49730  443  192.168.2.6  34.160.144.191
Dec 16, 2024 09:53:48.444583893 CET  49730  443  192.168.2.6  34.160.144.191
Dec 16, 2024 09:53:48.444708109 CET  443  49730  34.160.144.191  192.168.2.6
Dec 16, 2024 09:53:48.446715117 CET  49730  443  192.168.2.6  34.160.144.191
Dec 16, 2024 09:53:48.683654070 CET  80  49732  34.107.221.82  192.168.2.6
Dec 16, 2024 09:53:48.683952093 CET  49732  80  192.168.2.6  34.107.221.82
Dec 16, 2024 09:53:48.804574013 CET  80  49732  34.107.221.82  192.168.2.6
Dec 16, 2024 09:53:48.806544065 CET  49732  80  192.168.2.6  34.107.221.82
Dec 16, 2024 09:53:48.889592886 CET  443  49734  34.117.188.166  192.168.2.6
Dec 16, 2024 09:53:48.890261889 CET  49734  443  192.168.2.6  34.117.188.166
Dec 16, 2024 09:53:48.893964052 CET  49734  443  192.168.2.6  34.117.188.166
Dec 16, 2024 09:53:48.893964052 CET  49734  443  192.168.2.6  34.117.188.166
Dec 16, 2024 09:53:48.893980026 CET  443  49734  34.117.188.166  192.168.2.6
Dec 16, 2024 09:53:48.894171953 CET  443  49734  34.117.188.166  192.168.2.6
Dec 16, 2024 09:53:48.894275904 CET  49734  443  192.168.2.6  34.117.188.166
Dec 16, 2024 09:53:49.218630075 CET  80  49735  34.107.221.82  192.168.2.6
Dec 16, 2024 09:53:49.267102957 CET  49735  80  192.168.2.6  34.107.221.82
Dec 16, 2024 09:53:49.568429947 CET  443  49736  34.117.188.166  192.168.2.6
Dec 16, 2024 09:53:49.568450928 CET  443  49736  34.117.188.166  192.168.2.6
Dec 16, 2024 09:53:49.568516016 CET  49736  443  192.168.2.6  34.117.188.166
Dec 16, 2024 09:53:49.574210882 CET  49736  443  192.168.2.6  34.117.188.166
Dec 16, 2024 09:53:49.574225903 CET  443  49736  34.117.188.166  192.168.2.6
Dec 16, 2024 09:53:49.574322939 CET  49736  443  192.168.2.6  34.117.188.166
Dec 16, 2024 09:53:49.574548006 CET  443  49736  34.117.188.166  192.168.2.6
Dec 16, 2024 09:53:49.574626923 CET  49736  443  192.168.2.6  34.117.188.166
Dec 16, 2024 09:53:51.350992918 CET  49735  80  192.168.2.6  34.107.221.82
Dec 16, 2024 09:53:51.352349043 CET  49738  80  192.168.2.6  34.107.221.82
Dec 16, 2024 09:53:51.470804930 CET  80  49735  34.107.221.82  192.168.2.6
Dec 16, 2024 09:53:51.472114086 CET  80  49738  34.107.221.82  192.168.2.6
Dec 16, 2024 09:53:51.472364902 CET  49738  80  192.168.2.6  34.107.221.82
Dec 16, 2024 09:53:51.472501993 CET  49738  80  192.168.2.6  34.107.221.82
Dec 16, 2024 09:53:51.592236042 CET  80  49738  34.107.221.82  192.168.2.6
Dec 16, 2024 09:53:51.665340900 CET  80  49735  34.107.221.82  192.168.2.6
Dec 16, 2024 09:53:51.708302975 CET  49735  80  192.168.2.6  34.107.221.82
Dec 16, 2024 09:53:51.835339069 CET  49738  80  192.168.2.6  34.107.221.82
Dec 16, 2024 09:53:51.979146004 CET  49741  443  192.168.2.6  35.244.181.201
Dec 16, 2024 09:53:51.979270935 CET  443  49741  35.244.181.201  192.168.2.6
Dec 16, 2024 09:53:51.979752064 CET  49741  443  192.168.2.6  35.244.181.201
Dec 16, 2024 09:53:51.979912043 CET  49741  443  192.168.2.6  35.244.181.201
Dec 16, 2024 09:53:51.979932070 CET  443  49741  35.244.181.201  192.168.2.6
Dec 16, 2024 09:53:51.997365952 CET  80  49738  34.107.221.82  192.168.2.6
Dec 16, 2024 09:53:52.047014952 CET  49742  80  192.168.2.6  34.107.221.82
Dec 16, 2024 09:53:52.048829079 CET  49743  443  192.168.2.6  34.107.243.93
Dec 16, 2024 09:53:52.048861027 CET  443  49743  34.107.243.93  192.168.2.6
Dec 16, 2024 09:53:52.056000948 CET  49743  443  192.168.2.6  34.107.243.93
Dec 16, 2024 09:53:52.057549953 CET  49743  443  192.168.2.6  34.107.243.93
Dec 16, 2024 09:53:52.057570934 CET  443  49743  34.107.243.93  192.168.2.6
Dec 16, 2024 09:53:52.167766094 CET  80  49742  34.107.221.82  192.168.2.6
Dec 16, 2024 09:53:52.168132067 CET  49742  80  192.168.2.6  34.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.168426991 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.210002899 CET49744443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.210045099 CET4434974434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.210692883 CET49744443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.212441921 CET49744443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.212459087 CET4434974434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.288196087 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.342483044 CET49745443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.342521906 CET4434974534.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.342611074 CET49745443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.344333887 CET49745443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.344350100 CET4434974534.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.363437891 CET804973834.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.368072987 CET4973880192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.201713085 CET4434974135.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.202542067 CET49741443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.210268021 CET49741443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.210282087 CET4434974135.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.210580111 CET4434974135.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.213964939 CET49741443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.213964939 CET49741443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.214160919 CET4434974135.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.214236975 CET49741443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.253932953 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.274859905 CET4434974334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.274877071 CET4434974334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.276752949 CET49743443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.282501936 CET49743443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.282521009 CET4434974334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.282592058 CET49743443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.282732964 CET4434974334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.282836914 CET49743443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.297197104 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.430581093 CET4434974434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.435350895 CET4434974434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.461249113 CET49744443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.470655918 CET49744443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.470655918 CET49744443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.470673084 CET4434974434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.470973015 CET4434974434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.486185074 CET49744443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.562768936 CET4434974534.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.567337036 CET4434974534.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.567401886 CET49745443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.578057051 CET49745443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.578057051 CET49745443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.578082085 CET4434974534.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.578442097 CET4434974534.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.587331057 CET49745443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:53.587347984 CET49745443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:54.635956049 CET49748443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:54.636007071 CET4434974834.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:54.636612892 CET49748443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:54.638063908 CET49748443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:54.638087988 CET4434974834.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:55.688431025 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:55.808214903 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:55.848659039 CET4434974834.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:55.851192951 CET49748443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:55.854861975 CET49748443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:55.854861975 CET49748443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:55.854880095 CET4434974834.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:55.855118990 CET4434974834.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:55.855216026 CET49748443192.168.2.634.149.100.209
Dec 16, 2024 09:53:55.979820013 CET | 49749 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:55.979856968 CET | 443 | 49749 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:55.980118036 CET | 49749 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:55.981556892 CET | 49749 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:55.981568098 CET | 443 | 49749 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:56.003088951 CET | 80 | 49735 | 34.107.221.82 | 192.168.2.6
Dec 16, 2024 09:53:56.047359943 CET | 49735 | 80 | 192.168.2.6 | 34.107.221.82
Dec 16, 2024 09:53:56.101752043 CET | 49742 | 80 | 192.168.2.6 | 34.107.221.82
Dec 16, 2024 09:53:56.115267992 CET | 49735 | 80 | 192.168.2.6 | 34.107.221.82
Dec 16, 2024 09:53:56.218326092 CET | 49750 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:56.218379974 CET | 443 | 49750 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:56.218643904 CET | 49751 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:56.218679905 CET | 443 | 49751 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:56.221184969 CET | 49750 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:56.221200943 CET | 49751 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:56.221350908 CET | 49750 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:56.221369982 CET | 443 | 49750 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:56.221507072 CET | 80 | 49742 | 34.107.221.82 | 192.168.2.6
Dec 16, 2024 09:53:56.221589088 CET | 49751 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:56.221605062 CET | 443 | 49751 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:56.235300064 CET | 80 | 49735 | 34.107.221.82 | 192.168.2.6
Dec 16, 2024 09:53:56.424233913 CET | 80 | 49742 | 34.107.221.82 | 192.168.2.6
Dec 16, 2024 09:53:56.431744099 CET | 80 | 49735 | 34.107.221.82 | 192.168.2.6
Dec 16, 2024 09:53:56.464176893 CET | 49742 | 80 | 192.168.2.6 | 34.107.221.82
Dec 16, 2024 09:53:56.479876995 CET | 49735 | 80 | 192.168.2.6 | 34.107.221.82
Dec 16, 2024 09:53:56.613790035 CET | 49742 | 80 | 192.168.2.6 | 34.107.221.82
Dec 16, 2024 09:53:56.733732939 CET | 80 | 49742 | 34.107.221.82 | 192.168.2.6
Dec 16, 2024 09:53:56.928775072 CET | 80 | 49742 | 34.107.221.82 | 192.168.2.6
Dec 16, 2024 09:53:56.981424093 CET | 49742 | 80 | 192.168.2.6 | 34.107.221.82
Dec 16, 2024 09:53:57.207385063 CET | 443 | 49749 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:57.208431005 CET | 49749 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:57.431919098 CET | 443 | 49750 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:57.432003975 CET | 49750 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:57.432240009 CET | 443 | 49751 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:57.432302952 CET | 49751 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:58.314351082 CET | 49750 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:58.314383030 CET | 443 | 49750 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:58.314830065 CET | 443 | 49750 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:58.317374945 CET | 49751 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:58.317401886 CET | 443 | 49751 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:58.317785025 CET | 443 | 49751 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:58.320194006 CET | 49749 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:58.320209980 CET | 443 | 49749 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:58.320298910 CET | 49749 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:58.320453882 CET | 443 | 49749 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:58.320578098 CET | 49750 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:58.320620060 CET | 49750 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:58.320893049 CET | 443 | 49750 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:58.323395014 CET | 49749 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:58.323438883 CET | 49750 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:58.370122910 CET | 49751 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:58.718779087 CET | 49751 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:58.719151020 CET | 443 | 49751 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:58.719185114 CET | 49751 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:58.719201088 CET | 443 | 49751 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:58.726684093 CET | 49735 | 80 | 192.168.2.6 | 34.107.221.82
Dec 16, 2024 09:53:58.846339941 CET | 80 | 49735 | 34.107.221.82 | 192.168.2.6
Dec 16, 2024 09:53:58.848635912 CET | 49755 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:58.848691940 CET | 443 | 49755 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:58.850333929 CET | 49755 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:58.851819992 CET | 49755 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:58.851843119 CET | 443 | 49755 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:58.931329966 CET | 443 | 49751 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:53:58.931426048 CET | 49751 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:53:59.040771008 CET | 80 | 49735 | 34.107.221.82 | 192.168.2.6
Dec 16, 2024 09:53:59.087826967 CET | 49735 | 80 | 192.168.2.6 | 34.107.221.82
Dec 16, 2024 09:53:59.095330954 CET | 49742 | 80 | 192.168.2.6 | 34.107.221.82
Dec 16, 2024 09:53:59.215205908 CET | 80 | 49742 | 34.107.221.82 | 192.168.2.6
Dec 16, 2024 09:53:59.410069942 CET | 80 | 49742 | 34.107.221.82 | 192.168.2.6
Dec 16, 2024 09:53:59.457814932 CET | 49742 | 80 | 192.168.2.6 | 34.107.221.82
Dec 16, 2024 09:54:00.062499046 CET | 443 | 49755 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:54:00.062624931 CET | 49755 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:54:01.072519064 CET | 49755 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:54:01.072534084 CET | 443 | 49755 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:54:01.072797060 CET | 443 | 49755 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:54:01.072860956 CET | 49755 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:54:01.073259115 CET | 49755 | 443 | 192.168.2.6 | 34.120.208.123
Dec 16, 2024 09:54:01.073270082 CET | 443 | 49755 | 34.120.208.123 | 192.168.2.6
Dec 16, 2024 09:54:03.373450041 CET | 49735 | 80 | 192.168.2.6 | 34.107.221.82
Dec 16, 2024 09:54:03.393253088 CET | 49756 | 443 | 192.168.2.6 | 34.107.243.93
Dec 16, 2024 09:54:03.393309116 CET | 443 | 49756 | 34.107.243.93 | 192.168.2.6
Dec 16, 2024 09:54:03.393533945 CET | 49756 | 443 | 192.168.2.6 | 34.107.243.93
Dec 16, 2024 09:54:03.394983053 CET | 49756 | 443 | 192.168.2.6 | 34.107.243.93
Dec 16, 2024 09:54:03.395006895 CET | 443 | 49756 | 34.107.243.93 | 192.168.2.6
Dec 16, 2024 09:54:03.493513107 CET | 80 | 49735 | 34.107.221.82 | 192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.691126108 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.694791079 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.733025074 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.815205097 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.009345055 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.056407928 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.607460976 CET4434975634.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.607552052 CET49756443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.611901999 CET49756443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.611920118 CET4434975634.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.612021923 CET49756443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.612107038 CET4434975634.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.612266064 CET49756443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.614764929 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.734504938 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.929112911 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.932280064 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.974447012 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:05.052047968 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:05.247025013 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:05.290967941 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:05.941760063 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:06.061520100 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:06.256064892 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:06.259341955 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:06.309638023 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:06.379092932 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:06.573930979 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:06.626163960 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.849888086 CET49760443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.849945068 CET4434976034.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.852806091 CET49761443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.852823973 CET4434976135.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.853348017 CET49760443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.853579044 CET49761443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.853776932 CET49760443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.853794098 CET4434976034.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.855333090 CET49761443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.855349064 CET4434976135.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.973360062 CET49762443192.168.2.6151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.973411083 CET44349762151.101.1.91192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.973939896 CET49762443192.168.2.6151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.974076033 CET49762443192.168.2.6151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.974091053 CET44349762151.101.1.91192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.974906921 CET49763443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.974936962 CET4434976335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.975138903 CET49763443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.975234032 CET49763443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.975244045 CET4434976335.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.004302025 CET49764443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.004336119 CET4434976435.201.103.21192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.004492998 CET49764443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.005911112 CET49764443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.005928040 CET4434976435.201.103.21192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.856066942 CET49765443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.856120110 CET4434976534.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.856411934 CET49765443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.857986927 CET49765443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.858004093 CET4434976534.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:15.065032005 CET4434976034.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:15.065115929 CET49760443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:15.066049099 CET4434976135.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:15.066241026 CET49761443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:15.068804979 CET49760443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:15.068815947 CET4434976034.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.432720900 CET4434976835.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.433136940 CET4434976835.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.435303926 CET49767443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.435328007 CET4434976735.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.435664892 CET4434976735.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.439657927 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.439757109 CET49766443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.439843893 CET49766443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.439987898 CET4434976635.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.440192938 CET49767443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.440248013 CET49767443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.440382957 CET4434976735.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.440603018 CET49768443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.440675974 CET49768443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.440783978 CET4434976835.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.445780039 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.446165085 CET4434976934.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.448086023 CET49766443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.448103905 CET49767443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.448143005 CET49769443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.448431969 CET49768443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.450997114 CET49769443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.451009989 CET4434976934.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.451308012 CET4434976934.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.453701973 CET49769443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.453779936 CET49769443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.453933954 CET4434976934.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.454803944 CET49769443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.520272017 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.565445900 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.715224981 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.756146908 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.759938002 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.763326883 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.809624910 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.883182049 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:17.078691959 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:17.126087904 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:26.776060104 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:26.898241997 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:27.092519045 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:27.218307972 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:36.093210936 CET49774443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:36.093262911 CET4434977434.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:36.093708992 CET49774443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:36.095220089 CET49774443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:36.095237970 CET4434977434.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:36.921328068 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.045066118 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.222286940 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.310888052 CET4434977434.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.311026096 CET49774443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.316204071 CET49774443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.316242933 CET4434977434.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.316291094 CET49774443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.316442013 CET4434977434.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.317070007 CET49774443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.318963051 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.342730045 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.439711094 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.634313107 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.637454987 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.676904917 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.757309914 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.952270031 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.614357948 CET4434978234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.614562988 CET49783443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.614597082 CET4434978334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.614747047 CET49782443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.614773989 CET49783443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.615212917 CET49782443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.615227938 CET4434978234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.615273952 CET49783443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.615300894 CET4434978334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.616288900 CET49777443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.616379976 CET49777443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.616511106 CET4434977734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.616569996 CET49777443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.819339037 CET4434977934.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.820424080 CET49779443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.913791895 CET49781443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.913820982 CET4434978134.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.988503933 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.108624935 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.303443909 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.307065964 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.346221924 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.427043915 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.623229980 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.669367075 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.828587055 CET4434978334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.828737974 CET49783443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.830892086 CET4434978234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.831687927 CET49783443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.831706047 CET4434978334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.831856966 CET49782443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.832004070 CET4434978334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.834299088 CET49782443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.834312916 CET4434978234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.834661007 CET4434978234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.836391926 CET49783443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.836457968 CET49783443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.836612940 CET4434978334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.837317944 CET49782443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.837398052 CET49782443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.837544918 CET4434978234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.838052034 CET49782443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.838067055 CET49783443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.838073015 CET49782443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.840204954 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.959901094 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:46.154864073 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:46.159224987 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:46.201994896 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:46.279134035 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:46.473907948 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:46.518557072 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:56.162667036 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:56.286940098 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:56.479155064 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:56.601295948 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:06.291853905 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:06.411696911 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:06.608318090 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:06.729363918 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:16.419060946 CET4973580192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:16.540941000 CET804973534.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:16.735580921 CET4974280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:16.855328083 CET804974234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:18.062562943 CET49786443192.168.2.634.107.243.93
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.210555077 CET5950253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.239857912 CET53530461.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.335872889 CET53572841.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.342570066 CET6062053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.348087072 CET53595021.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.364171028 CET5163053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.479873896 CET53606201.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.480880022 CET6099953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.501946926 CET53516301.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:52.618149042 CET53609991.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:58.849502087 CET6514353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:58.986988068 CET53651431.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.383574963 CET5404653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.384135962 CET5987153192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.384135962 CET5578953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.521275043 CET53557891.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.522162914 CET5860453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.522412062 CET53598711.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.523066998 CET5712353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.526770115 CET53540461.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.569323063 CET6266753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.659266949 CET53586041.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.659885883 CET4931753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.662142038 CET53571231.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.662955046 CET5012553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.706986904 CET53626671.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.712558985 CET5020753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.800611019 CET53493171.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.801110029 CET53501251.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.801445007 CET5229053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.801956892 CET6026653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.849565983 CET53502071.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.851032972 CET6220753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.939738989 CET53522901.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.939840078 CET53602661.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.940856934 CET5335053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.940856934 CET6526053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.988336086 CET53622071.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.078064919 CET53533501.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.078835964 CET5711053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.142280102 CET53652601.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.142972946 CET5617453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.215739012 CET53571101.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.281307936 CET53561741.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.833467007 CET5292053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.866095066 CET6443253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.971340895 CET53529201.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.973723888 CET6076353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.973846912 CET5337353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.003267050 CET53644321.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.113792896 CET53607631.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.114604950 CET6405453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.187227964 CET53533731.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.187982082 CET5083053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.188332081 CET6406153192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.252959013 CET53640541.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.326339960 CET53640611.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.326401949 CET53508301.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.332837105 CET5069753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.470983028 CET53506971.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.856435061 CET5349453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.993976116 CET53534941.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:36.093647003 CET6378653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:36.232316971 CET53637861.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:43.369843960 CET6360353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:43.508704901 CET53636031.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.990247011 CET5381053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:17.922250032 CET6271853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:18.060911894 CET53627181.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:18.062534094 CET5186153192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:18.201698065 CET53518611.1.1.1192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 16, 2024 09:53:45.773884058 CET | 1.1.1.1 | 192.168.2.6 | 0x4cf4 | No error (0) | prod.classify-client.prod.webservices.mozgcp.net |  | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:45.775218964 CET | 1.1.1.1 | 192.168.2.6 | 0x6bd4 | No error (0) | youtube.com |  | 142.250.181.110 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:45.789268970 CET | 1.1.1.1 | 192.168.2.6 | 0x983f | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 09:53:45.789268970 CET | 1.1.1.1 | 192.168.2.6 | 0x983f | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:45.914874077 CET | 1.1.1.1 | 192.168.2.6 | 0xd7fd | No error (0) | youtube.com |  | 142.250.181.110 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:45.915266991 CET | 1.1.1.1 | 192.168.2.6 | 0x246d | No error (0) | prod.classify-client.prod.webservices.mozgcp.net |  | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:45.928080082 CET | 1.1.1.1 | 192.168.2.6 | 0xfce4 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:46.052743912 CET | 1.1.1.1 | 192.168.2.6 | 0x9392 | No error (0) | youtube.com |  |  | 28 | IN (0x0001) | false
Dec 16, 2024 09:53:46.066708088 CET | 1.1.1.1 | 192.168.2.6 | 0xed6b | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  |  | 28 | IN (0x0001) | false
Dec 16, 2024 09:53:46.300091982 CET | 1.1.1.1 | 192.168.2.6 | 0x3ae3 | No error (0) | contile.services.mozilla.com |  | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:46.566473961 CET | 1.1.1.1 | 192.168.2.6 | 0x21b4 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 09:53:46.566473961 CET | 1.1.1.1 | 192.168.2.6 | 0x21b4 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net |  | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:46.576471090 CET | 1.1.1.1 | 192.168.2.6 | 0x76f5 | No error (0) | contile.services.mozilla.com |  | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:46.706692934 CET | 1.1.1.1 | 192.168.2.6 | 0x5925 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net |  | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:46.961714029 CET | 1.1.1.1 | 192.168.2.6 | 0x7bdf | No error (0) | spocs.getpocket.com | prod.ads.prod.webservices.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 09:53:46.961714029 CET | 1.1.1.1 | 192.168.2.6 | 0x7bdf | No error (0) | prod.ads.prod.webservices.mozgcp.net |  | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:47.102643013 CET | 1.1.1.1 | 192.168.2.6 | 0x7e60 | No error (0) | prod.ads.prod.webservices.mozgcp.net |  | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:47.168493032 CET | 1.1.1.1 | 192.168.2.6 | 0x3cbc | No error (0) | example.org |  | 93.184.215.14 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:47.214431047 CET | 1.1.1.1 | 192.168.2.6 | 0xfa00 | No error (0) | ipv4only.arpa |  | 192.0.0.171 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:47.214431047 CET | 1.1.1.1 | 192.168.2.6 | 0xfa00 | No error (0) | ipv4only.arpa |  | 192.0.0.170 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:47.216167927 CET | 1.1.1.1 | 192.168.2.6 | 0x788b | No error (0) | content-signature-2.cdn.mozilla.net | content-signature-chains.prod.autograph.services.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 09:53:47.216167927 CET | 1.1.1.1 | 192.168.2.6 | 0x788b | No error (0) | content-signature-chains.prod.autograph.services.mozaws.net | prod.content-signature-chains.prod.webservices.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 09:53:47.216167927 CET | 1.1.1.1 | 192.168.2.6 | 0x788b | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net |  | 34.160.144.191 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:47.216969013 CET | 1.1.1.1 | 192.168.2.6 | 0x45ec | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 09:53:47.216969013 CET | 1.1.1.1 | 192.168.2.6 | 0x45ec | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:47.357810020 CET | 1.1.1.1 | 192.168.2.6 | 0x69ee | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net |  | 34.160.144.191 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:47.496474028 CET | 1.1.1.1 | 192.168.2.6 | 0xd608 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net |  |  | 28 | IN (0x0001) | false
Dec 16, 2024 09:53:50.686667919 CET | 1.1.1.1 | 192.168.2.6 | 0x93b4 | No error (0) | support.mozilla.org | prod.sumo.prod.webservices.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 09:53:50.686667919 CET | 1.1.1.1 | 192.168.2.6 | 0x93b4 | No error (0) | prod.sumo.prod.webservices.mozgcp.net | us-west1.prod.sumo.prod.webservices.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 09:53:50.686667919 CET | 1.1.1.1 | 192.168.2.6 | 0x93b4 | No error (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net |  | 34.149.128.2 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:50.922415018 CET | 1.1.1.1 | 192.168.2.6 | 0xe4de | No error (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net |  | 34.149.128.2 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:51.741744041 CET | 1.1.1.1 | 192.168.2.6 | 0xe4a8 | No error (0) | push.services.mozilla.com |  | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:51.783723116 CET | 1.1.1.1 | 192.168.2.6 | 0x197f | No error (0) | shavar.services.mozilla.com | shavar.prod.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 09:53:51.880783081 CET | 1.1.1.1 | 192.168.2.6 | 0xccea | No error (0) | push.services.mozilla.com |  | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:51.972794056 CET | 1.1.1.1 | 192.168.2.6 | 0xe94f | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 09:53:51.972794056 CET | 1.1.1.1 | 192.168.2.6 | 0xe94f | No error (0) | prod.balrog.prod.cloudops.mozgcp.net |  | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:52.188787937 CET | 1.1.1.1 | 192.168.2.6 | 0x18ec | No error (0) | telemetry-incoming.r53-2.services.mozilla.com |  | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:52.335872889 CET | 1.1.1.1 | 192.168.2.6 | 0xe51 | No error (0) | firefox.settings.services.mozilla.com | prod.remote-settings.prod.webservices.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 09:53:52.335872889 CET | 1.1.1.1 | 192.168.2.6 | 0xe51 | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net |  | 34.149.100.209 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:52.348087072 CET | 1.1.1.1 | 192.168.2.6 | 0x419d | No error (0) | telemetry-incoming.r53-2.services.mozilla.com |  | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:52.479873896 CET | 1.1.1.1 | 192.168.2.6 | 0x6218 | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net |  | 34.149.100.209 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:53:55.978714943 CET | 1.1.1.1 | 192.168.2.6 | 0xcb44 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com |  | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:54:03.521275043 CET | 1.1.1.1 | 192.168.2.6 | 0x4a2b | No error (0) | www.facebook.com | star-mini.c10r.facebook.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 09:54:03.521275043 CET | 1.1.1.1 | 192.168.2.6 | 0x4a2b | No error (0) | star-mini.c10r.facebook.com |  | 157.240.196.35 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:54:03.522412062 CET | 1.1.1.1 | 192.168.2.6 | 0x6efc | No error (0) | www.wikipedia.org | dyna.wikimedia.org |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 09:54:03.522412062 CET | 1.1.1.1 | 192.168.2.6 | 0x6efc | No error (0) | dyna.wikimedia.org |  | 185.15.58.224 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:54:03.526770115 CET | 1.1.1.1 | 192.168.2.6 | 0xb245 | No error (0) | www.youtube.com | youtube-ui.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 09:54:03.526770115 CET | 1.1.1.1 | 192.168.2.6 | 0xb245 | No error (0) | youtube-ui.l.google.com |  | 142.250.181.142 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:54:03.526770115 CET | 1.1.1.1 | 192.168.2.6 | 0xb245 | No error (0) | youtube-ui.l.google.com |  | 142.250.181.110 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:54:03.526770115 CET | 1.1.1.1 | 192.168.2.6 | 0xb245 | No error (0) | youtube-ui.l.google.com |  | 142.250.181.78 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:54:03.526770115 CET | 1.1.1.1 | 192.168.2.6 | 0xb245 | No error (0) | youtube-ui.l.google.com |  | 172.217.17.46 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:54:03.526770115 CET | 1.1.1.1 | 192.168.2.6 | 0xb245 | No error (0) | youtube-ui.l.google.com |  | 172.217.17.78 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:54:03.526770115 CET | 1.1.1.1 | 192.168.2.6 | 0xb245 | No error (0) | youtube-ui.l.google.com |  | 172.217.19.206 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:54:03.526770115 CET | 1.1.1.1 | 192.168.2.6 | 0xb245 | No error (0) | youtube-ui.l.google.com |  | 172.217.19.14 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:54:03.526770115 CET | 1.1.1.1 | 192.168.2.6 | 0xb245 | No error (0) | youtube-ui.l.google.com |  | 216.58.208.238 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:54:03.526770115 CET | 1.1.1.1 | 192.168.2.6 | 0xb245 | No error (0) | youtube-ui.l.google.com |  | 172.217.19.238 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:54:03.659266949 CET | 1.1.1.1 | 192.168.2.6 | 0x8a00 | No error (0) | star-mini.c10r.facebook.com |  | 157.240.196.35 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:54:03.662142038 CET | 1.1.1.1 | 192.168.2.6 | 0xc6c6 | No error (0) | dyna.wikimedia.org |  | 185.15.58.224 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:54:03.706986904 CET | 1.1.1.1 | 192.168.2.6 | 0x1594 | No error (0) | youtube-ui.l.google.com |  | 142.250.181.78 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:54:03.706986904 CET | 1.1.1.1 | 192.168.2.6 | 0x1594 | No error (0) | youtube-ui.l.google.com |  | 172.217.19.238 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:54:03.706986904 CET | 1.1.1.1 | 192.168.2.6 | 0x1594 | No error (0) | youtube-ui.l.google.com |  | 172.217.19.14 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:54:03.706986904 CET | 1.1.1.1 | 192.168.2.6 | 0x1594 | No error (0) | youtube-ui.l.google.com |  | 142.250.181.142 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:54:03.706986904 CET | 1.1.1.1 | 192.168.2.6 | 0x1594 | No error (0) | youtube-ui.l.google.com |  | 172.217.17.78 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 09:54:03.706986904 CET | 1.1.1.1 | 192.168.2.6 | 0x1594 | No error (0) | youtube-ui.l.google.com |  | 172.217.19.206 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.706986904 CET1.1.1.1192.168.2.60x1594No error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.706986904 CET1.1.1.1192.168.2.60x1594No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.706986904 CET1.1.1.1192.168.2.60x1594No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.800611019 CET1.1.1.1192.168.2.60xb9b8No error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.801110029 CET1.1.1.1192.168.2.60x43feNo error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.849565983 CET1.1.1.1192.168.2.60x3999No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.849565983 CET1.1.1.1192.168.2.60x3999No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.849565983 CET1.1.1.1192.168.2.60x3999No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.849565983 CET1.1.1.1192.168.2.60x3999No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.939738989 CET1.1.1.1192.168.2.60xd54bNo error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.939738989 CET1.1.1.1192.168.2.60xd54bNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.939738989 CET1.1.1.1192.168.2.60xd54bNo error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.939738989 CET1.1.1.1192.168.2.60xd54bNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.939738989 CET1.1.1.1192.168.2.60xd54bNo error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.939840078 CET1.1.1.1192.168.2.60xe8d8No error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.078064919 CET1.1.1.1192.168.2.60x22d4No error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.142280102 CET1.1.1.1192.168.2.60x75d3No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.142280102 CET1.1.1.1192.168.2.60x75d3No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.142280102 CET1.1.1.1192.168.2.60x75d3No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.142280102 CET1.1.1.1192.168.2.60x75d3No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.967219114 CET1.1.1.1192.168.2.60x8fcaNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.967219114 CET1.1.1.1192.168.2.60x8fcaNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.971340895 CET1.1.1.1192.168.2.60x71eeNo error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.971340895 CET1.1.1.1192.168.2.60x71eeNo error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.971340895 CET1.1.1.1192.168.2.60x71eeNo error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:13.971340895 CET1.1.1.1192.168.2.60x71eeNo error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.003267050 CET1.1.1.1192.168.2.60xfcc5No error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.003267050 CET1.1.1.1192.168.2.60xfcc5No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.113792896 CET1.1.1.1192.168.2.60x9985No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.113792896 CET1.1.1.1192.168.2.60x9985No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.113792896 CET1.1.1.1192.168.2.60x9985No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.113792896 CET1.1.1.1192.168.2.60x9985No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.187227964 CET1.1.1.1192.168.2.60xe1c7No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.252959013 CET1.1.1.1192.168.2.60xfe49No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.252959013 CET1.1.1.1192.168.2.60xfe49No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.252959013 CET1.1.1.1192.168.2.60xfe49No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.252959013 CET1.1.1.1192.168.2.60xfe49No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:14.326339960 CET1.1.1.1192.168.2.60xd8c8No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:17.299921036 CET1.1.1.1192.168.2.60x5a74No error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:17.299921036 CET1.1.1.1192.168.2.60x5a74No error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:43.368530989 CET1.1.1.1192.168.2.60x9304No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.133200884 CET1.1.1.1192.168.2.60x9a99No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.133200884 CET1.1.1.1192.168.2.60x9a99No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:18.060911894 CET1.1.1.1192.168.2.60x6d83No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
• detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49725 | 34.107.221.82 | 80 | 6732 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 09:53:45.914064884 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 09:53:47.005693913 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 10:09:25 GMT
Age: 81861
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 09:53:47.064131021 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:47.379321098 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Sun, 15 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 81862
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49731 | 34.107.221.82 | 80 | 6732 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 09:53:47.340617895 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49732 | 34.107.221.82 | 80 | 6732 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 09:53:47.596543074 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 09:53:48.683654070 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 11:58:44 GMT
Age: 75304
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49735 | 34.107.221.82 | 80 | 6732 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 09:53:48.131356001 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 09:53:49.218630075 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 10:09:25 GMT
Age: 81864
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 09:53:51.350992918 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:51.665340900 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Sun, 15 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 81866
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:55.688431025 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:56.003088951 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Sun, 15 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 81870
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:56.115267992 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:56.431744099 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Sun, 15 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 81871
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:58.726684093 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:59.040771008 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Sun, 15 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 81873
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Dec 16, 2024 09:54:03.373450041 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Dec 16, 2024 09:54:03.691126108 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 10:09:25 GMT
Age: 81878
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Dec 16, 2024 09:54:04.614764929 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Dec 16, 2024 09:54:04.929112911 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 10:09:25 GMT
Age: 81879
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Dec 16, 2024 09:54:05.941760063 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Dec 16, 2024 09:54:06.256064892 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 10:09:25 GMT
Age: 81881
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Dec 16, 2024 09:54:15.079185009 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Dec 16, 2024 09:54:15.393285990 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 10:09:25 GMT
Age: 81890
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Dec 16, 2024 09:54:16.080806017 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Dec 16, 2024 09:54:16.394951105 CET | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Sun, 15 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 81891
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.445780039 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:16.759938002 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Sun, 15 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 81891
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:26.776060104 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:36.921328068 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.318963051 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.634313107 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Sun, 15 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 81912
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:44.988503933 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.303443909 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Sun, 15 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 81920
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
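The records above are Firefox's captive-portal check: a GET for /canonical.html on detectportal.firefox.com, answered with the 90-byte meta refresh to the Mozilla captive-portal help page, repeated on each connectivity check. That is browser background traffic, not activity of the sample, and an analyst reading the dump wants it filtered out without also hiding a lookalike request to some other host. The parser and classifier below are an added example and not part of the Joe Sandbox report. They read the stream dump layout used here (timestamp, byte count, direction, first line, then headers and the hex "Data Raw" payload), also accept the run-together form that flattening the report table produces (for example "CET303OUTGET ..."), and label a 200 response as benign only when it follows a genuine probe on the same stream and carries exactly the expected body. The sample dump, the host detectportal.example.invalid and the 09:55 timestamps are constructed for the example.

```python
"""Split a Joe Sandbox HTTP stream dump into records and label the Firefox
captive-portal probe and its canonical answer as benign. Added example, not
part of the report; the sample dump at the bottom is constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# 90-byte body Firefox expects from detectportal.firefox.com/canonical.html.
EXPECTED_BODY = (b'<meta http-equiv="refresh" '
                 b'content="0;url=https://support.mozilla.org/kb/captive-portal"/>')

# Record header: timestamp, byte count, direction, first text segment. The \s*
# separators accept "CET  303  OUT  GET ..." as well as the run-together
# "CET303OUTGET ..." produced when the report table is flattened to text.
RECORD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d+ [A-Z]+)"
    r"\s*(?P<size>\d+)\s*(?P<dir>IN|OUT)\s*(?P<rest>.*)$")


@dataclass
class Record:
    timestamp: str
    size: int
    direction: str
    start_line: str | None = None        # request line or status line, if any
    headers: dict[str, str] = field(default_factory=dict)
    raw: bytes | None = None             # payload decoded from "Data Raw"


def parse_stream(dump: str) -> list[Record]:
    records: list[Record] = []
    cur = None
    for line in dump.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RECORD_RE.match(line)
        if m:                            # new record; the rest is its first segment
            cur = Record(m["ts"], int(m["size"]), m["dir"])
            records.append(cur)
            line = m["rest"]
        if cur is None or not line:
            continue
        if line.startswith("Data Raw:"):
            cur.raw = bytes.fromhex(line[len("Data Raw:"):])  # whitespace ignored
        elif line.startswith("Data Ascii:"):
            pass                         # derived from Data Raw; decoded above
        elif cur.start_line is None:
            cur.start_line = line
        else:
            name, _, value = line.partition(":")
            cur.headers[name.strip().lower()] = value.strip()
    return records


def classify(records: list[Record]) -> list[tuple[Record, str]]:
    """A 200 response is benign only if it follows a genuine probe on the same
    stream and carries exactly the canonical body; everything else is reviewed."""
    labelled = []
    after_probe = False
    for rec in records:
        if rec.start_line is None:       # bytes only, no request/status line
            label = ("non-http: 1-byte null payload" if rec.raw == b"\x00"
                     else "non-http payload")
            after_probe = False
        elif rec.direction == "OUT" and rec.start_line.startswith("GET "):
            after_probe = (rec.start_line == "GET /canonical.html HTTP/1.1"
                           and rec.headers.get("host") == "detectportal.firefox.com"
                           and "Firefox/" in rec.headers.get("user-agent", ""))
            label = "benign: firefox captive-portal probe" if after_probe else "review: http request"
        elif rec.direction == "IN" and rec.start_line.startswith("HTTP/"):
            ok = (after_probe
                  and rec.headers.get("content-length") == str(len(EXPECTED_BODY))
                  and rec.raw == EXPECTED_BODY)
            label = "benign: captive-portal canonical response" if ok else "review: http response"
            after_probe = False
        else:
            label, after_probe = "review: other", False
        labelled.append((rec, label))
    return labelled


def summarize(dump: str) -> dict[str, int]:
    counts: dict[str, int] = {}
    for _, label in classify(parse_stream(dump)):
        counts[label] = counts.get(label, 0) + 1
    return counts


def needs_review(dump: str) -> list[Record]:
    return [r for r, label in classify(parse_stream(dump)) if label.startswith("review")]


# Constructed sample: the first probe/response pair from the dump (response in
# run-together form), one 1-byte null record, then a lookalike probe to a
# hypothetical host, which must not be whitelisted, and its response.
SAMPLE_DUMP = f"""
Dec 16, 2024 09:54:16.080806017 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Connection: keep-alive
Dec 16, 2024 09:54:16.394951105 CET298INHTTP/1.1 200 OK
Content-Length: 90
Content-Type: text/html
Data Raw: {EXPECTED_BODY.hex(' ')}
Data Ascii: {EXPECTED_BODY.decode()}
Dec 16, 2024 09:54:26.776060104 CET6OUTData Raw: 00
Data Ascii:
Dec 16, 2024 09:55:01.000000000 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.example.invalid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Dec 16, 2024 09:55:01.300000000 CET  298  IN  HTTP/1.1 200 OK
Content-Length: 90
Data Raw: {EXPECTED_BODY.hex(' ')}
"""

if __name__ == "__main__":
    for rec, label in classify(parse_stream(SAMPLE_DUMP)):
        print(f"{rec.timestamp}  {rec.direction:<3} {rec.size:>4}  {label}")
```

The pairing rule matters: a response body alone is not evidence of benign traffic, since anything can serve those 90 bytes, so the classifier only trusts a response that answers a probe whose Host header really is detectportal.firefox.com. The 1-byte null records are left unlabelled as HTTP; on a keep-alive connection they are usually harmless, but the example deliberately does not whitelist them.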

Dec 16, 2024 09:54:45.840204954 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:46.154864073 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Sun, 15 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 81920
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:56.162667036 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:06.291853905 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:16.419060946 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:19.287667036 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:19.603282928 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Sun, 15 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 81954
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:29.611044884 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:39.740134954 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
4           192.168.2.6  49738        34.107.221.82   80                6732  C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp                            Bytes  Direction  Data
Dec 16, 2024 09:53:51.472501993 CET  305    OUT        GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
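Triage note and an added example; the script below is not part of the Joe Sandbox report or of Joe Security's tooling. The sessions to detectportal.firefox.com are Firefox's own connectivity and captive-portal checks: GET /success.txt?ipv4 answered with the body "success", and GET /canonical.html answered with the meta refresh to support.mozilla.org/kb/captive-portal, are exactly the responses Firefox expects when no captive portal is in the way, and the requesting process is firefox.exe (PID 6732) launched by the sandbox, so this traffic is background noise and says nothing about mdPov8VTwi.exe. The script parses the session table as it appears in this text export and separates such probes from sessions that still need review. The run-together session row is genuinely ambiguous once the separators are gone (the digits of "5192.168.2.64974234.107.221.82806732" also split as source 192.168.2.64 with port 9742, or as port 4974 to 234.107.221.82), so the parser pins the destination port to 80 (plain HTTP is visible in the payloads), prefers a private source address (the sandbox VM) and prefers a source port in the Windows dynamic range of 49152 and above; that range, and the non-Firefox entries of the connectivity-check allowlist, are assumptions. Session 9 in the embedded sample is constructed and does not come from this report. Where a structured export of the report is available, use it instead of scraping this layout.

```python
# Added example: parse the flattened Joe Sandbox HTTP session table and separate
# browser connectivity probes from sessions that deserve a closer look.
import ipaddress
import re

# Hosts that browsers/OSes probe for captive portals. Only detectportal.firefox.com
# is seen in this report; the others are an assumed analyst-maintained allowlist.
CONNECTIVITY_CHECK_HOSTS = {
    "detectportal.firefox.com",       # Firefox: /success.txt?ipv4, /canonical.html
    "www.msftconnecttest.com",        # Windows NCSI
    "www.msftncsi.com",
    "connectivitycheck.gstatic.com",  # Chrome / Android
    "captive.apple.com",
}

# Session row: digits and dots run together, then a Windows path. Data row:
# timestamp, byte count, IN/OUT and payload run together (layout seen above).
SESSION_RE = re.compile(r"^(?P<fused>\d[\d.]*)(?P<process>[A-Za-z]:\\.*)$")
DATA_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d\d:\d\d:\d\d\.\d+ [A-Z]{3,4})"
                     r"(?P<size>\d+)(?P<dir>IN|OUT)(?P<data>.*)$")
HOST_RE = re.compile(r"^Host:\s*(\S+)", re.IGNORECASE)

def _is_number(s):
    return s.isdigit() and s[0] != "0"

def _is_port(s):
    return _is_number(s) and int(s) <= 65535

def _is_ip(s):
    parts = s.split(".")
    return len(parts) == 4 and all((p == "0" or _is_number(p)) and int(p) <= 255 for p in parts)

def decode_session_prefix(fused, dst_port="80"):
    """Recover (session_id, src_ip, src_port, dst_ip, pid) from the run-together
    numeric prefix. Boundaries are brute-forced under IP/port range checks with
    the destination port pinned to the one this table uses. Several splits can
    survive ("4974"+234.107.221.82 beside "49742"+34.107.221.82), so a private
    source address and a source port >= 49152 (Windows dynamic range, assumed)
    are preferred. Returns None when nothing fits."""
    n, candidates = len(fused), []
    for a in range(1, n):
        sid = fused[:a]
        if not sid.isdigit():
            break
        for b in range(a + 7, n):                      # "1.1.1.1" is the shortest IPv4 text
            src_ip = fused[a:b]
            if not _is_ip(src_ip):
                continue
            for c in range(b + 1, n):
                src_port = fused[b:c]
                if not _is_port(src_port):
                    continue
                for d in range(c + 7, n):
                    dst_ip, tail = fused[c:d], fused[d:]
                    pid = tail[len(dst_port):]
                    if _is_ip(dst_ip) and tail.startswith(dst_port) and _is_number(pid):
                        candidates.append((int(sid), src_ip, int(src_port), dst_ip, int(pid)))
    if not candidates:
        return None
    return min(candidates, key=lambda c: (not ipaddress.ip_address(c[1]).is_private, c[2] < 49152, c[0]))

def parse_sessions(text, dst_port="80"):
    """Group the flattened table into sessions with hosts, request lines and byte counts."""
    sessions, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SESSION_RE.match(line):
            fields = decode_session_prefix(m["fused"], dst_port)
            if fields is None:
                raise ValueError(f"cannot decode session row: {line!r}")
            sid, src_ip, src_port, dst_ip, pid = fields
            cur = {"id": sid, "src": (src_ip, src_port), "dst": (dst_ip, int(dst_port)), "pid": pid,
                   "process": m["process"], "hosts": set(), "requests": [], "bytes": {"IN": 0, "OUT": 0}}
            sessions.append(cur)
        elif cur is None:
            continue
        elif m := DATA_RE.match(line):
            cur["bytes"][m["dir"]] += int(m["size"])
            if m["dir"] == "OUT" and not m["data"].startswith("Data Raw"):
                cur["requests"].append(m["data"])      # request line, not a raw-bytes frame
        elif m := HOST_RE.match(line):
            cur["hosts"].add(m.group(1).lower())
    return sessions

def is_connectivity_probe(s):
    """Every Host is a known probe target and every request is a GET."""
    return bool(s["hosts"]) and s["hosts"] <= CONNECTIVITY_CHECK_HOSTS and all(
        r.startswith("GET ") for r in s["requests"])

def triage(text, dst_port="80"):
    """Return (connectivity noise, sessions to review)."""
    sessions = parse_sessions(text, dst_port)
    return ([s for s in sessions if is_connectivity_probe(s)],
            [s for s in sessions if not is_connectivity_probe(s)])

# Constructed input: session 5 is copied from the table above (trimmed); session 9
# is synthetic, NOT from this report, so the filter has something to keep.
SAMPLE = r"""
Session IDSource IPSource PortDestination IPDestination PortPIDProcess
5192.168.2.64974234.107.221.82806732C:\Program Files\Mozilla Firefox\firefox.exe
TimestampBytes transferredDirectionData
Dec 16, 2024 09:53:52.168426991 CET305OUTGET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
Dec 16, 2024 09:53:53.253932953 CET216INHTTP/1.1 200 OK
Dec 16, 2024 09:54:03.000000000 CET6OUTData Raw: 00

Session IDSource IPSource PortDestination IPDestination PortPIDProcess
9192.168.2.650001203.0.113.10805100C:\Users\user\Desktop\sample.exe
TimestampBytes transferredDirectionData
Dec 16, 2024 09:55:01.000000000 CET131OUTPOST /upload HTTP/1.1
Host: updates.example.net
"""

if __name__ == "__main__":
    for label, group in zip(("noise", "review"), triage(SAMPLE)):
        for s in group:
            print(f"[{label}] session {s['id']} {s['process']} -> {s['dst'][0]}:{s['dst'][1]} "
                  f"hosts={sorted(s['hosts'])} out={s['bytes']['OUT']}B in={s['bytes']['IN']}B")
```

Run it against the text of a report and anything that lands in the review list is a session whose Host or method is not explained by a connectivity probe; the rows that land in the noise list can be dropped from the indicator set before the remaining destinations are pivoted on.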


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
5           192.168.2.6  49742        34.107.221.82   80                6732  C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp                            Bytes  Direction  Data
Dec 16, 2024 09:53:52.168426991 CET  305    OUT        GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
Dec 16, 2024 09:53:53.253932953 CET  216    IN         HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 8
    Via: 1.1 google
    Date: Sun, 15 Dec 2024 09:34:53 GMT
    Age: 83940
    Content-Type: text/plain
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 73 75 63 63 65 73 73 0a
    Data Ascii: success
Dec 16, 2024 09:53:56.101752043 CET  305    OUT        GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:56.424233913 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Sun, 15 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 83943
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:56.613790035 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:56.928775072 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Sun, 15 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 83943
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:59.095330954 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:53:59.410069942 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Sun, 15 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 83946
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:03.694791079 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:04.009345055 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Sun, 15 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 83950
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Dec 16, 2024 09:54:04.932280064 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 16, 2024 09:54:05.247025013 CET  216  IN  HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Sun, 15 Dec 2024 09:34:53 GMT
  Age: 83952
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Dec 16, 2024 09:54:06.259341955 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 16, 2024 09:54:06.573930979 CET  216  IN  HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Sun, 15 Dec 2024 09:34:53 GMT
  Age: 83953
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Dec 16, 2024 09:54:15.396972895 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 16, 2024 09:54:15.711839914 CET  216  IN  HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Sun, 15 Dec 2024 09:34:53 GMT
  Age: 83962
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Dec 16, 2024 09:54:16.400443077 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 16, 2024 09:54:16.715224981 CET  216  IN  HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Sun, 15 Dec 2024 09:34:53 GMT
  Age: 83963
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Dec 16, 2024 09:54:16.763326883 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 16, 2024 09:54:17.078691959 CET  216  IN  HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Sun, 15 Dec 2024 09:34:53 GMT
  Age: 83963
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:27.092519045 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.222286940 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.637454987 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:37.952270031 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Sun, 15 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 83984
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.307065964 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:45.623229980 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Sun, 15 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 83992
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:46.159224987 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:46.473907948 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Sun, 15 Dec 2024 09:34:53 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 83993
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:54:56.479155064 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:06.608318090 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                            Dec 16, 2024 09:55:16.735580921 CET6OUTData Raw: 00
Data Ascii:
Dec 16, 2024 09:55:19.607070923 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 09:55:19.924001932 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 09:34:53 GMT
Age: 84026
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 09:55:29.927079916 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 09:55:40.056685925 CET  6  OUT  Data Raw: 00
Data Ascii:



Target ID: 0
Start time: 03:53:36
Start date: 16/12/2024
Path: C:\Users\user\Desktop\mdPov8VTwi.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\mdPov8VTwi.exe"
Imagebase: 0xe0000
File size: 964'608 bytes
MD5 hash: 1993AD089D3AAC67B807530545D56EC3
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 03:53:37
Start date: 16/12/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM firefox.exe /T
Imagebase: 0x1e0000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 3
Start time: 03:53:37
Start date: 16/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff66e660000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 4
Start time: 03:53:39
Start date: 16/12/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM chrome.exe /T
Imagebase: 0x1e0000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 5
Start time: 03:53:39
Start date: 16/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff66e660000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                                            Target ID:6
                                                                                                                                                                                                                                                                                                                                                                            Start time:03:53:39
                                                                                                                                                                                                                                                                                                                                                                            Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                            Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x1e0000
                                                                                                                                                                                                                                                                                                                                                                            File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                                            Target ID:7
                                                                                                                                                                                                                                                                                                                                                                            Start time:03:53:39
                                                                                                                                                                                                                                                                                                                                                                            Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                                            Target ID:8
                                                                                                                                                                                                                                                                                                                                                                            Start time:03:53:40
                                                                                                                                                                                                                                                                                                                                                                            Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                            Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x1e0000
                                                                                                                                                                                                                                                                                                                                                                            File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                                            Target ID:9
                                                                                                                                                                                                                                                                                                                                                                            Start time:03:53:40
                                                                                                                                                                                                                                                                                                                                                                            Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                                            Target ID:10
                                                                                                                                                                                                                                                                                                                                                                            Start time:03:53:40
                                                                                                                                                                                                                                                                                                                                                                            Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                            Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x1e0000
                                                                                                                                                                                                                                                                                                                                                                            File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 11
Start time: 03:53:40
Start date: 16/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff66e660000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 12
Start time: 03:53:41
Start date: 16/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase: 0x7ff728280000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 13
Start time: 03:53:41
Start date: 16/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase: 0x7ff728280000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true

Target ID: 14
Start time: 03:53:41
Start date: 16/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase: 0x7ff728280000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 16
Start time: 03:53:42
Start date: 16/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70d81a13-a225-4265-8ca9-40698a313c3e} 6732 "\\.\pipe\gecko-crash-server-pipe.6732" 1f154d6dd10 socket
Imagebase: 0x7ff728280000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 18
Start time: 03:53:44
Start date: 16/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2512 -parentBuildID 20230927232528 -prefsHandle 4152 -prefMapHandle 4012 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ee53d91-f2db-4f57-847b-44ac09d70421} 6732 "\\.\pipe\gecko-crash-server-pipe.6732" 1f1672fbf10 rdd
Imagebase: 0x7ff728280000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 21
Start time: 03:53:51
Start date: 16/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5304 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5256 -prefMapHandle 5228 -prefsLen 33076 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {483d19b1-0be0-4d3d-8b1c-b6a9ab3ca66f} 6732 "\\.\pipe\gecko-crash-server-pipe.6732" 1f16dd04110 utility
Imagebase: 0x7ff728280000
                                                                                                                                                                                                                                                                                                                                                                            File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Has exited:false


Execution Graph

Execution Coverage:2.4%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:4.4%
Total number of Nodes:1678
Total number of Limit Nodes:68
96561->96524 96562 16b328 96562->96569 96564 16b191 _wcslen 96563->96564 96564->96524 96564->96549 96565 16b3d6 GetLastError 96575 16b41a 96565->96575 96566 16b42f CloseHandle 96567 16b43f 96566->96567 96576 16b49a 96566->96576 96570 16b446 CloseHandle 96567->96570 96571 16b451 96567->96571 96569->96565 96569->96566 96569->96569 96570->96571 96573 16b463 96571->96573 96574 16b458 CloseHandle 96571->96574 96572 16b4a6 96572->96575 96577 16b475 96573->96577 96578 16b46a CloseHandle 96573->96578 96574->96573 96612 150175 96575->96612 96576->96572 96581 16b4d2 CloseHandle 96576->96581 96629 1509d9 34 API calls 96577->96629 96578->96577 96581->96575 96583 16b486 96630 16b536 25 API calls 96583->96630 96586 e7525 96585->96586 96587 e7522 96585->96587 96588 e752d 96586->96588 96589 e755b 96586->96589 96608 e7620 96587->96608 96631 1051c6 26 API calls 96588->96631 96590 1250f6 96589->96590 96592 e756d 96589->96592 96600 12500f 96589->96600 96634 105183 26 API calls 96590->96634 96632 ffb21 51 API calls 96592->96632 96593 e753d 96599 ffddb 22 API calls 96593->96599 96596 125088 96633 ffb21 51 API calls 96596->96633 96597 12510e 96597->96597 96601 e7547 96599->96601 96600->96596 96603 ffe0b 22 API calls 96600->96603 96602 e9cb3 22 API calls 96601->96602 96602->96587 96604 125058 96603->96604 96605 ffddb 22 API calls 96604->96605 96606 12507f 96605->96606 96607 e9cb3 22 API calls 96606->96607 96607->96596 96609 e762a _wcslen 96608->96609 96610 ffe0b 22 API calls 96609->96610 96611 e763f 96610->96611 96611->96511 96635 15030f 96612->96635 96616 eb578 96615->96616 96617 eb57f 96615->96617 96616->96617 96648 1062d1 39 API calls _strftime 96616->96648 96617->96499 96619 eb5c2 96619->96499 96620->96533 96621->96540 96622->96529 96623->96541 96624->96550 96625->96560 96626->96551 96627->96562 96628->96569 96629->96583 96630->96576 96631->96593 96632->96593 96633->96590 96634->96597 96636 150321 CloseHandle 96635->96636 96637 150329 96635->96637 96636->96637 96638 150336 
96637->96638 96639 15032e CloseHandle 96637->96639 96640 150343 96638->96640 96641 15033b CloseHandle 96638->96641 96639->96638 96642 150350 96640->96642 96643 150348 CloseHandle 96640->96643 96641->96640 96644 150355 CloseHandle 96642->96644 96645 15035d 96642->96645 96643->96642 96644->96645 96646 150362 CloseHandle 96645->96646 96647 15017d 96645->96647 96646->96647 96647->96292 96648->96619 96650 eaceb 23 API calls 96649->96650 96651 172af3 96650->96651 96652 172aff 96651->96652 96653 172b1d 96651->96653 96654 e7510 53 API calls 96652->96654 96655 e6b57 22 API calls 96653->96655 96656 172b0c 96654->96656 96658 172b1b 96655->96658 96656->96658 96659 ea8c7 22 API calls __fread_nolock 96656->96659 96658->96465 96659->96658 96661 14dc06 96660->96661 96662 14dbdc GetFileAttributesW 96660->96662 96661->96470 96662->96661 96663 14dbe8 FindFirstFileW 96662->96663 96663->96661 96664 14dbf9 FindClose 96663->96664 96664->96661 96666 f0206 96665->96666 96679 f027e 96665->96679 96667 135411 96666->96667 96668 f0213 96666->96668 96751 167b7e 348 API calls 2 library calls 96667->96751 96675 135435 96668->96675 96676 f021d 96668->96676 96669 135405 96750 15359c 82 API calls __wsopen_s 96669->96750 96671 eec40 348 API calls 96671->96679 96674 135466 96677 135493 96674->96677 96678 135471 96674->96678 96675->96674 96684 13544d 96675->96684 96681 f0230 messages 96676->96681 96756 ea8c7 22 API calls __fread_nolock 96676->96756 96733 165689 96677->96733 96753 167b7e 348 API calls 2 library calls 96678->96753 96679->96671 96683 f0405 96679->96683 96686 f03b2 messages 96679->96686 96687 1351b9 96679->96687 96697 f0344 96679->96697 96701 1351ce messages 96679->96701 96705 f03f9 96679->96705 96693 13568a 96681->96693 96696 f0273 messages 96681->96696 96757 167632 54 API calls __wsopen_s 96681->96757 96683->96322 96752 15359c 82 API calls __wsopen_s 96684->96752 96686->96669 96686->96681 96691 135332 96686->96691 96686->96696 96748 fa308 348 API calls 96686->96748 96746 15359c 82 API 
calls __wsopen_s 96687->96746 96691->96681 96749 ea8c7 22 API calls __fread_nolock 96691->96749 96699 1356c0 96693->96699 96758 167771 67 API calls 96693->96758 96694 135532 96754 151119 22 API calls 96694->96754 96695 1354b9 96740 150acc 96695->96740 96696->96322 96697->96705 96744 f04f0 22 API calls 96697->96744 96704 eaceb 23 API calls 96699->96704 96701->96686 96701->96696 96747 15359c 82 API calls __wsopen_s 96701->96747 96702 135668 96706 e7510 53 API calls 96702->96706 96704->96696 96705->96683 96745 15359c 82 API calls __wsopen_s 96705->96745 96718 135670 _wcslen 96706->96718 96707 13569e 96711 e7510 53 API calls 96707->96711 96721 1356a6 _wcslen 96711->96721 96712 135544 96755 ea673 22 API calls 96712->96755 96713 f03a5 96713->96686 96713->96705 96717 13554d 96723 150acc 22 API calls 96717->96723 96718->96693 96720 eaceb 23 API calls 96718->96720 96719 f1310 348 API calls 96719->96681 96720->96693 96721->96699 96722 eaceb 23 API calls 96721->96722 96722->96699 96724 135566 96723->96724 96725 ebf40 348 API calls 96724->96725 96725->96681 96726->96322 96727->96319 96728->96319 96729->96319 96730->96319 96731->96305 96732->96319 96734 1656a4 96733->96734 96735 13549e 96733->96735 96736 ffe0b 22 API calls 96734->96736 96735->96694 96735->96695 96738 1656c6 96736->96738 96737 ffddb 22 API calls 96737->96738 96738->96735 96738->96737 96759 150a59 96738->96759 96741 150ada 96740->96741 96743 1354e3 96740->96743 96742 ffddb 22 API calls 96741->96742 96741->96743 96742->96743 96743->96719 96744->96713 96745->96696 96746->96701 96747->96686 96748->96686 96749->96681 96750->96667 96751->96681 96752->96696 96753->96681 96754->96712 96755->96717 96756->96681 96757->96702 96758->96707 96760 150a7a 96759->96760 96761 ffddb 22 API calls 96760->96761 96762 150a85 96760->96762 96761->96762 96762->96738 96767 14df02 96763->96767 96764 14df19 96773 1062fb 39 API calls _strftime 96764->96773 96767->96764 96768 14df1f 96767->96768 96772 1063b2 GetStringTypeW _strftime 
96767->96772 96768->96336 96769->96336 96770->96336 96771->96336 96772->96767 96773->96768 96774 e105b 96779 e344d 96774->96779 96776 e106a 96810 1000a3 29 API calls __onexit 96776->96810 96778 e1074 96780 e345d __wsopen_s 96779->96780 96781 ea961 22 API calls 96780->96781 96782 e3513 96781->96782 96811 e3a5a 96782->96811 96784 e351c 96818 e3357 96784->96818 96791 ea961 22 API calls 96792 e354d 96791->96792 96839 ea6c3 96792->96839 96795 123176 RegQueryValueExW 96796 123193 96795->96796 96797 12320c RegCloseKey 96795->96797 96798 ffe0b 22 API calls 96796->96798 96799 e3578 96797->96799 96809 12321e _wcslen 96797->96809 96800 1231ac 96798->96800 96799->96776 96845 e5722 96800->96845 96801 e4c6d 22 API calls 96801->96809 96804 1231d4 96805 e6b57 22 API calls 96804->96805 96806 1231ee messages 96805->96806 96806->96797 96807 e9cb3 22 API calls 96807->96809 96808 e515f 22 API calls 96808->96809 96809->96799 96809->96801 96809->96807 96809->96808 96810->96778 96848 121f50 96811->96848 96814 e9cb3 22 API calls 96815 e3a8d 96814->96815 96850 e3aa2 96815->96850 96817 e3a97 96817->96784 96819 121f50 __wsopen_s 96818->96819 96820 e3364 GetFullPathNameW 96819->96820 96821 e3386 96820->96821 96822 e6b57 22 API calls 96821->96822 96823 e33a4 96822->96823 96824 e33c6 96823->96824 96825 e33dd 96824->96825 96826 1230bb 96824->96826 96864 e33ee 96825->96864 96828 ffddb 22 API calls 96826->96828 96830 1230c5 _wcslen 96828->96830 96829 e33e8 96833 e515f 96829->96833 96831 ffe0b 22 API calls 96830->96831 96832 1230fe __fread_nolock 96831->96832 96834 e516e 96833->96834 96838 e518f __fread_nolock 96833->96838 96836 ffe0b 22 API calls 96834->96836 96835 ffddb 22 API calls 96837 e3544 96835->96837 96836->96838 96837->96791 96838->96835 96840 ea6dd 96839->96840 96844 e3556 RegOpenKeyExW 96839->96844 96841 ffddb 22 API calls 96840->96841 96842 ea6e7 96841->96842 96843 ffe0b 22 API calls 96842->96843 96843->96844 96844->96795 96844->96799 96846 ffddb 22 API calls 96845->96846 96847 e5734 
RegQueryValueExW 96846->96847 96847->96804 96847->96806 96849 e3a67 GetModuleFileNameW 96848->96849 96849->96814 96851 121f50 __wsopen_s 96850->96851 96852 e3aaf GetFullPathNameW 96851->96852 96853 e3ace 96852->96853 96854 e3ae9 96852->96854 96856 e6b57 22 API calls 96853->96856 96855 ea6c3 22 API calls 96854->96855 96857 e3ada 96855->96857 96856->96857 96860 e37a0 96857->96860 96861 e37ae 96860->96861 96862 e93b2 22 API calls 96861->96862 96863 e37c2 96862->96863 96863->96817 96865 e33fe _wcslen 96864->96865 96866 12311d 96865->96866 96867 e3411 96865->96867 96869 ffddb 22 API calls 96866->96869 96874 ea587 96867->96874 96870 123127 96869->96870 96872 ffe0b 22 API calls 96870->96872 96871 e341e __fread_nolock 96871->96829 96873 123157 __fread_nolock 96872->96873 96875 ea59d 96874->96875 96878 ea598 __fread_nolock 96874->96878 96876 12f80f 96875->96876 96877 ffe0b 22 API calls 96875->96877 96877->96878 96878->96871 96879 e1098 96884 e42de 96879->96884 96883 e10a7 96885 ea961 22 API calls 96884->96885 96886 e42f5 GetVersionExW 96885->96886 96887 e6b57 22 API calls 96886->96887 96888 e4342 96887->96888 96889 e93b2 22 API calls 96888->96889 96894 e4378 96888->96894 96890 e436c 96889->96890 96892 e37a0 22 API calls 96890->96892 96891 e441b GetCurrentProcess IsWow64Process 96893 e4437 96891->96893 96892->96894 96896 e444f LoadLibraryA 96893->96896 96897 123824 GetSystemInfo 96893->96897 96894->96891 96895 1237df 96894->96895 96898 e449c GetSystemInfo 96896->96898 96899 e4460 GetProcAddress 96896->96899 96900 e4476 96898->96900 96899->96898 96901 e4470 GetNativeSystemInfo 96899->96901 96902 e447a FreeLibrary 96900->96902 96903 e109d 96900->96903 96901->96900 96902->96903 96904 1000a3 29 API calls __onexit 96903->96904 96904->96883 96905 ff698 96906 ff6c3 96905->96906 96907 ff6a2 96905->96907 96913 13f2f8 96906->96913 96922 144d4a 22 API calls messages 96906->96922 96914 eaf8a 96907->96914 96910 ff6b2 96911 eaf8a 22 API calls 96910->96911 96912 ff6c2 96911->96912 96915 
eaf98 96914->96915 96921 eafc0 messages 96914->96921 96916 eafa6 96915->96916 96917 eaf8a 22 API calls 96915->96917 96918 eafac 96916->96918 96919 eaf8a 22 API calls 96916->96919 96917->96916 96918->96921 96923 eb090 96918->96923 96919->96918 96921->96910 96922->96906 96924 eb09b messages 96923->96924 96926 eb0d6 messages 96924->96926 96927 fce17 22 API calls messages 96924->96927 96926->96921 96927->96926 96928 e3156 96931 e3170 96928->96931 96932 e3187 96931->96932 96933 e318c 96932->96933 96934 e31eb 96932->96934 96969 e31e9 96932->96969 96935 e3199 96933->96935 96936 e3265 PostQuitMessage 96933->96936 96938 122dfb 96934->96938 96939 e31f1 96934->96939 96941 e31a4 96935->96941 96942 122e7c 96935->96942 96972 e316a 96936->96972 96937 e31d0 DefWindowProcW 96937->96972 96990 e18e2 10 API calls 96938->96990 96943 e321d SetTimer RegisterWindowMessageW 96939->96943 96944 e31f8 96939->96944 96948 e31ae 96941->96948 96949 122e68 96941->96949 97003 14bf30 34 API calls ___scrt_fastfail 96942->97003 96950 e3246 CreatePopupMenu 96943->96950 96943->96972 96945 122d9c 96944->96945 96946 e3201 KillTimer 96944->96946 96958 122da1 96945->96958 96959 122dd7 MoveWindow 96945->96959 96976 e30f2 96946->96976 96947 122e1c 96991 fe499 42 API calls 96947->96991 96955 e31b9 96948->96955 96956 122e4d 96948->96956 96980 14c161 96949->96980 96950->96972 96961 e3253 96955->96961 96967 e31c4 96955->96967 96956->96937 97002 140ad7 22 API calls 96956->97002 96957 122e8e 96957->96937 96957->96972 96962 122dc6 SetFocus 96958->96962 96963 122da7 96958->96963 96959->96972 96988 e326f 44 API calls ___scrt_fastfail 96961->96988 96962->96972 96963->96967 96968 122db0 96963->96968 96967->96937 96973 e30f2 Shell_NotifyIconW 96967->96973 96989 e18e2 10 API calls 96968->96989 96969->96937 96970 e3263 96970->96972 96974 122e41 96973->96974 96992 e3837 96974->96992 96977 e3154 96976->96977 96978 e3104 ___scrt_fastfail 96976->96978 96987 e3c50 DeleteObject DestroyWindow 96977->96987 96979 e3123 
Shell_NotifyIconW 96978->96979 96979->96977 96981 14c276 96980->96981 96982 14c179 ___scrt_fastfail 96980->96982 96981->96972 97004 e3923 96982->97004 96984 14c25f KillTimer SetTimer 96984->96981 96985 14c1a0 96985->96984 96986 14c251 Shell_NotifyIconW 96985->96986 96986->96984 96987->96972 96988->96970 96989->96972 96990->96947 96991->96967 96993 e3862 ___scrt_fastfail 96992->96993 97034 e4212 96993->97034 96996 e38e8 96998 123386 Shell_NotifyIconW 96996->96998 96999 e3906 Shell_NotifyIconW 96996->96999 97000 e3923 24 API calls 96999->97000 97001 e391c 97000->97001 97001->96969 97002->96969 97003->96957 97005 e393f 97004->97005 97024 e3a13 97004->97024 97026 e6270 97005->97026 97008 123393 LoadStringW 97011 1233ad 97008->97011 97009 e395a 97010 e6b57 22 API calls 97009->97010 97012 e396f 97010->97012 97020 e3994 ___scrt_fastfail 97011->97020 97032 ea8c7 22 API calls __fread_nolock 97011->97032 97013 e397c 97012->97013 97014 1233c9 97012->97014 97013->97011 97016 e3986 97013->97016 97033 e6350 22 API calls 97014->97033 97031 e6350 22 API calls 97016->97031 97019 1233d7 97019->97020 97021 e33c6 22 API calls 97019->97021 97022 e39f9 Shell_NotifyIconW 97020->97022 97023 1233f9 97021->97023 97022->97024 97025 e33c6 22 API calls 97023->97025 97024->96985 97025->97020 97027 ffe0b 22 API calls 97026->97027 97028 e6295 97027->97028 97029 ffddb 22 API calls 97028->97029 97030 e394d 97029->97030 97030->97008 97030->97009 97031->97020 97032->97020 97033->97019 97035 1235a4 97034->97035 97036 e38b7 97034->97036 97035->97036 97037 1235ad DestroyIcon 97035->97037 97036->96996 97038 14c874 42 API calls _strftime 97036->97038 97037->97036 97038->96996 97039 e1cad SystemParametersInfoW 97040 133f75 97051 fceb1 97040->97051 97042 133f8b 97043 134006 97042->97043 97060 fe300 23 API calls 97042->97060 97045 ebf40 348 API calls 97043->97045 97049 134052 97045->97049 97047 134a88 97048 133fe6 97048->97049 97061 151abf 22 API calls 97048->97061 97049->97047 97062 15359c 82 API calls 
__wsopen_s 97049->97062 97052 fcebf 97051->97052 97053 fced2 97051->97053 97054 eaceb 23 API calls 97052->97054 97055 fced7 97053->97055 97056 fcf05 97053->97056 97059 fcec9 97054->97059 97057 ffddb 22 API calls 97055->97057 97058 eaceb 23 API calls 97056->97058 97057->97059 97058->97059 97059->97042 97060->97048 97061->97043 97062->97047 97063 13d27a GetUserNameW 97064 13d292 97063->97064 97065 112df8 GetLastError 97066 112e11 97065->97066 97067 112e17 97065->97067 97091 11320e 11 API calls 2 library calls 97066->97091 97071 112e6e SetLastError 97067->97071 97084 114c7d 97067->97084 97073 112e77 97071->97073 97075 112e46 97077 112e31 97075->97077 97078 112e4d 97075->97078 97076 112e37 97079 112e65 SetLastError 97076->97079 97092 1129c8 97077->97092 97099 112be6 20 API calls FindHandlerForForeignException 97078->97099 97079->97073 97081 112e58 97082 1129c8 _free 17 API calls 97081->97082 97083 112e5e 97082->97083 97083->97071 97083->97079 97090 114c8a FindHandlerForForeignException 97084->97090 97085 114cca 97101 10f2d9 20 API calls _abort 97085->97101 97086 114cb5 RtlAllocateHeap 97087 112e29 97086->97087 97086->97090 97087->97077 97098 113264 11 API calls 2 library calls 97087->97098 97090->97085 97090->97086 97100 104ead 7 API calls 2 library calls 97090->97100 97091->97067 97093 1129fc _free 97092->97093 97094 1129d3 RtlFreeHeap 97092->97094 97093->97076 97094->97093 97095 1129e8 97094->97095 97102 10f2d9 20 API calls _abort 97095->97102 97097 1129ee GetLastError 97097->97093 97098->97075 97099->97081 97100->97090 97101->97087 97102->97097 97103 edee5 97106 eb710 97103->97106 97107 eb72b 97106->97107 97108 130146 97107->97108 97109 1300f8 97107->97109 97134 eb750 97107->97134 97148 1658a2 348 API calls 2 library calls 97108->97148 97112 130102 97109->97112 97114 13010f 97109->97114 97109->97134 97146 165d33 348 API calls 97112->97146 97132 eba20 97114->97132 97147 1661d0 348 API calls 2 library calls 97114->97147 97118 1303d9 97118->97118 97122 eba4e 97123 
130322 97151 165c0c 82 API calls 97123->97151 97127 eaceb 23 API calls 97127->97134 97130 fd336 40 API calls 97130->97134 97131 ebbe0 40 API calls 97131->97134 97132->97122 97152 15359c 82 API calls __wsopen_s 97132->97152 97133 eec40 348 API calls 97133->97134 97134->97122 97134->97123 97134->97127 97134->97130 97134->97131 97134->97132 97134->97133 97137 ea81b 41 API calls 97134->97137 97138 fd2f0 40 API calls 97134->97138 97139 fa01b 348 API calls 97134->97139 97140 100242 5 API calls __Init_thread_wait 97134->97140 97141 fedcd 22 API calls 97134->97141 97142 1000a3 29 API calls __onexit 97134->97142 97143 1001f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97134->97143 97144 fee53 82 API calls 97134->97144 97145 fe5ca 348 API calls 97134->97145 97149 13f6bf 23 API calls 97134->97149 97150 ea8c7 22 API calls __fread_nolock 97134->97150 97137->97134 97138->97134 97139->97134 97140->97134 97141->97134 97142->97134 97143->97134 97144->97134 97145->97134 97146->97114 97147->97132 97148->97134 97149->97134 97150->97134 97151->97132 97152->97118 97153 1003fb 97154 100407 ___DestructExceptionObject 97153->97154 97182 ffeb1 97154->97182 97156 10040e 97157 100561 97156->97157 97160 100438 97156->97160 97212 10083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 97157->97212 97159 100568 97205 104e52 97159->97205 97171 100477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 97160->97171 97193 11247d 97160->97193 97167 100457 97170 1004de 97174 1004f3 97170->97174 97173 1004d8 97171->97173 97208 104e1a 38 API calls 3 library calls 97171->97208 97201 100959 97173->97201 97209 100992 GetModuleHandleW 97174->97209 97176 1004fa 97176->97159 97177 1004fe 97176->97177 97178 100507 97177->97178 97210 104df5 28 API calls _abort 97177->97210 97211 100040 13 API calls 2 library calls 97178->97211 97181 10050f 97181->97167 97183 ffeba 97182->97183 97214 100698 
IsProcessorFeaturePresent 97183->97214 97185 ffec6 97215 102c94 10 API calls 3 library calls 97185->97215 97187 ffecb 97192 ffecf 97187->97192 97216 112317 97187->97216 97190 ffee6 97190->97156 97192->97156 97194 112494 97193->97194 97195 100a8c CatchGuardHandler 5 API calls 97194->97195 97196 100451 97195->97196 97196->97167 97197 112421 97196->97197 97200 112450 97197->97200 97198 100a8c CatchGuardHandler 5 API calls 97199 112479 97198->97199 97199->97171 97200->97198 97232 102340 97201->97232 97204 10097f 97204->97170 97234 104bcf 97205->97234 97208->97173 97209->97176 97210->97178 97211->97181 97212->97159 97214->97185 97215->97187 97220 11d1f6 97216->97220 97219 102cbd 8 API calls 3 library calls 97219->97192 97223 11d20f 97220->97223 97222 ffed8 97222->97190 97222->97219 97224 100a8c 97223->97224 97225 100a95 97224->97225 97226 100a97 IsProcessorFeaturePresent 97224->97226 97225->97222 97228 100c5d 97226->97228 97231 100c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 97228->97231 97230 100d40 97230->97222 97231->97230 97233 10096c GetStartupInfoW 97232->97233 97233->97204 97235 104bdb FindHandlerForForeignException 97234->97235 97236 104be2 97235->97236 97237 104bf4 97235->97237 97273 104d29 GetModuleHandleW 97236->97273 97258 112f5e EnterCriticalSection 97237->97258 97240 104be7 97240->97237 97274 104d6d GetModuleHandleExW 97240->97274 97241 104c99 97262 104cd9 97241->97262 97245 104c70 97250 104c88 97245->97250 97251 112421 _abort 5 API calls 97245->97251 97247 104bfb 97247->97241 97247->97245 97259 1121a8 97247->97259 97248 104ce2 97282 121d29 5 API calls CatchGuardHandler 97248->97282 97249 104cb6 97265 104ce8 97249->97265 97252 112421 _abort 5 API calls 97250->97252 97251->97250 97252->97241 97258->97247 97283 111ee1 97259->97283 97302 112fa6 LeaveCriticalSection 97262->97302 97264 104cb2 97264->97248 97264->97249 97303 11360c 97265->97303 97268 104d16 97271 104d6d _abort 8 API calls 97268->97271 97269 104cf6 
GetPEB 97269->97268 97270 104d06 GetCurrentProcess TerminateProcess 97269->97270 97270->97268 97272 104d1e ExitProcess 97271->97272 97273->97240 97275 104d97 GetProcAddress 97274->97275 97276 104dba 97274->97276 97281 104dac 97275->97281 97277 104dc0 FreeLibrary 97276->97277 97278 104dc9 97276->97278 97277->97278 97279 100a8c CatchGuardHandler 5 API calls 97278->97279 97280 104bf3 97279->97280 97280->97237 97281->97276 97286 111e90 97283->97286 97285 111f05 97285->97245 97287 111e9c ___DestructExceptionObject 97286->97287 97294 112f5e EnterCriticalSection 97287->97294 97289 111eaa 97295 111f31 97289->97295 97293 111ec8 __fread_nolock 97293->97285 97294->97289 97296 111f51 97295->97296 97297 111f59 97295->97297 97298 100a8c CatchGuardHandler 5 API calls 97296->97298 97297->97296 97300 1129c8 _free 20 API calls 97297->97300 97299 111eb7 97298->97299 97301 111ed5 LeaveCriticalSection _abort 97299->97301 97300->97296 97301->97293 97302->97264 97304 113631 97303->97304 97305 113627 97303->97305 97310 112fd7 5 API calls 2 library calls 97304->97310 97307 100a8c CatchGuardHandler 5 API calls 97305->97307 97308 104cf2 97307->97308 97308->97268 97308->97269 97309 113648 97309->97305 97310->97309 97311 e2de3 97312 e2df0 __wsopen_s 97311->97312 97313 e2e09 97312->97313 97314 122c2b ___scrt_fastfail 97312->97314 97315 e3aa2 23 API calls 97313->97315 97316 122c47 GetOpenFileNameW 97314->97316 97317 e2e12 97315->97317 97318 122c96 97316->97318 97327 e2da5 97317->97327 97320 e6b57 22 API calls 97318->97320 97322 122cab 97320->97322 97322->97322 97324 e2e27 97345 e44a8 97324->97345 97328 121f50 __wsopen_s 97327->97328 97329 e2db2 GetLongPathNameW 97328->97329 97330 e6b57 22 API calls 97329->97330 97331 e2dda 97330->97331 97332 e3598 97331->97332 97333 ea961 22 API calls 97332->97333 97334 e35aa 97333->97334 97335 e3aa2 23 API calls 97334->97335 97336 e35b5 97335->97336 97337 1232eb 97336->97337 97338 e35c0 97336->97338 97342 12330d 97337->97342 97381 fce60 41 API calls 
97337->97381 97340 e515f 22 API calls 97338->97340 97341 e35cc 97340->97341 97375 e35f3 97341->97375 97344 e35df 97344->97324 97382 e4ecb 97345->97382 97348 123833 97404 152cf9 97348->97404 97349 e4ecb 94 API calls 97351 e44e1 97349->97351 97351->97348 97353 e44e9 97351->97353 97352 123848 97354 123869 97352->97354 97355 12384c 97352->97355 97357 123854 97353->97357 97358 e44f5 97353->97358 97356 ffe0b 22 API calls 97354->97356 97445 e4f39 97355->97445 97374 1238ae 97356->97374 97451 14da5a 82 API calls 97357->97451 97444 e940c 136 API calls 2 library calls 97358->97444 97362 123862 97362->97354 97363 e2e31 97364 123a5f 97369 123a67 97364->97369 97365 e4f39 68 API calls 97365->97369 97369->97365 97455 14989b 82 API calls __wsopen_s 97369->97455 97371 e9cb3 22 API calls 97371->97374 97374->97364 97374->97369 97374->97371 97430 ea4a1 97374->97430 97438 e3ff7 97374->97438 97452 14967e 22 API calls __fread_nolock 97374->97452 97453 1495ad 42 API calls _wcslen 97374->97453 97454 150b5a 22 API calls 97374->97454 97376 e3605 97375->97376 97380 e3624 __fread_nolock 97375->97380 97378 ffe0b 22 API calls 97376->97378 97377 ffddb 22 API calls 97379 e363b 97377->97379 97378->97380 97379->97344 97380->97377 97381->97337 97456 e4e90 LoadLibraryA 97382->97456 97387 e4ef6 LoadLibraryExW 97464 e4e59 LoadLibraryA 97387->97464 97388 123ccf 97390 e4f39 68 API calls 97388->97390 97392 123cd6 97390->97392 97394 e4e59 3 API calls 97392->97394 97396 123cde 97394->97396 97395 e4f20 97395->97396 97397 e4f2c 97395->97397 97486 e50f5 40 API calls __fread_nolock 97396->97486 97399 e4f39 68 API calls 97397->97399 97401 e44cd 97399->97401 97400 123cf5 97487 1528fe 27 API calls 97400->97487 97401->97348 97401->97349 97403 123d05 97405 152d15 97404->97405 97551 e511f 64 API calls 97405->97551 97407 152d29 97552 152e66 75 API calls 97407->97552 97409 152d3b 97428 152d3f 97409->97428 97553 e50f5 40 API calls __fread_nolock 97409->97553 97411 152d56 97554 e50f5 40 API calls __fread_nolock 
97411->97554 97413 152d66 97555 e50f5 40 API calls __fread_nolock 97413->97555 97415 152d81 97556 e50f5 40 API calls __fread_nolock 97415->97556 97417 152d9c 97557 e511f 64 API calls 97417->97557 97419 152db3 97420 10ea0c ___std_exception_copy 21 API calls 97419->97420 97421 152dba 97420->97421 97422 10ea0c ___std_exception_copy 21 API calls 97421->97422 97423 152dc4 97422->97423 97558 e50f5 40 API calls __fread_nolock 97423->97558 97425 152dd8 97559 1528fe 27 API calls 97425->97559 97427 152dee 97427->97428 97560 1522ce 79 API calls 97427->97560 97428->97352 97431 ea52b 97430->97431 97437 ea4b1 __fread_nolock 97430->97437 97433 ffe0b 22 API calls 97431->97433 97432 ffddb 22 API calls 97434 ea4b8 97432->97434 97433->97437 97435 ffddb 22 API calls 97434->97435 97436 ea4d6 97434->97436 97435->97436 97436->97374 97437->97432 97439 e40ae 97438->97439 97440 e400a 97438->97440 97439->97374 97442 ffe0b 22 API calls 97440->97442 97443 e403c 97440->97443 97441 ffddb 22 API calls 97441->97443 97442->97443 97443->97439 97443->97441 97444->97363 97446 e4f43 97445->97446 97448 e4f4a 97445->97448 97561 10e678 97446->97561 97449 e4f6a FreeLibrary 97448->97449 97450 e4f59 97448->97450 97449->97450 97450->97357 97451->97362 97452->97374 97453->97374 97454->97374 97455->97369 97457 e4ea8 GetProcAddress 97456->97457 97458 e4ec6 97456->97458 97459 e4eb8 97457->97459 97461 10e5eb 97458->97461 97459->97458 97460 e4ebf FreeLibrary 97459->97460 97460->97458 97488 10e52a 97461->97488 97463 e4eea 97463->97387 97463->97388 97465 e4e6e GetProcAddress 97464->97465 97466 e4e8d 97464->97466 97467 e4e7e 97465->97467 97469 e4f80 97466->97469 97467->97466 97468 e4e86 FreeLibrary 97467->97468 97468->97466 97470 ffe0b 22 API calls 97469->97470 97471 e4f95 97470->97471 97472 e5722 22 API calls 97471->97472 97473 e4fa1 __fread_nolock 97472->97473 97474 e50a5 97473->97474 97475 123d1d 97473->97475 97485 e4fdc 97473->97485 97540 e42a2 CreateStreamOnHGlobal 97474->97540 97548 15304d 74 API calls 
97475->97548 97478 123d22 97549 e511f 64 API calls 97478->97549 97481 123d45 97550 e50f5 40 API calls __fread_nolock 97481->97550 97483 e506e messages 97483->97395 97485->97478 97485->97483 97546 e50f5 40 API calls __fread_nolock 97485->97546 97547 e511f 64 API calls 97485->97547 97486->97400 97487->97403 97491 10e536 ___DestructExceptionObject 97488->97491 97489 10e544 97513 10f2d9 20 API calls _abort 97489->97513 97491->97489 97493 10e574 97491->97493 97492 10e549 97514 1127ec 26 API calls __fread_nolock 97492->97514 97495 10e586 97493->97495 97496 10e579 97493->97496 97505 118061 97495->97505 97515 10f2d9 20 API calls _abort 97496->97515 97499 10e58f 97500 10e5a2 97499->97500 97501 10e595 97499->97501 97517 10e5d4 LeaveCriticalSection __fread_nolock 97500->97517 97516 10f2d9 20 API calls _abort 97501->97516 97503 10e554 __fread_nolock 97503->97463 97506 11806d ___DestructExceptionObject 97505->97506 97518 112f5e EnterCriticalSection 97506->97518 97508 11807b 97519 1180fb 97508->97519 97512 1180ac __fread_nolock 97512->97499 97513->97492 97514->97503 97515->97503 97516->97503 97517->97503 97518->97508 97526 11811e 97519->97526 97520 118177 97521 114c7d FindHandlerForForeignException 20 API calls 97520->97521 97522 118180 97521->97522 97524 1129c8 _free 20 API calls 97522->97524 97525 118189 97524->97525 97531 118088 97525->97531 97537 113405 11 API calls 2 library calls 97525->97537 97526->97520 97526->97526 97526->97531 97535 10918d EnterCriticalSection 97526->97535 97536 1091a1 LeaveCriticalSection 97526->97536 97528 1181a8 97538 10918d EnterCriticalSection 97528->97538 97532 1180b7 97531->97532 97539 112fa6 LeaveCriticalSection 97532->97539 97534 1180be 97534->97512 97535->97526 97536->97526 97537->97528 97538->97531 97539->97534 97541 e42bc FindResourceExW 97540->97541 97545 e42d9 97540->97545 97542 1235ba LoadResource 97541->97542 97541->97545 97543 1235cf SizeofResource 97542->97543 97542->97545 97544 1235e3 LockResource 97543->97544 97543->97545 

Control-flow Graph
• Executed
• Not Executed
APIs
• GetVersionExW.KERNEL32(?), ref: 000E430D
  • Part of subcall function 000E6B57: _wcslen.LIBCMT ref: 000E6B6A
• GetCurrentProcess.KERNEL32(?,0017CB64,00000000,?,?), ref: 000E4422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 000E4429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 000E4454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 000E4466
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 000E4474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 000E447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 000E44A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 15fa7b3a5f3f2b8f763e8a2a68e85e3192b3dbc00293bae5a84f9207a781e855
• Instruction ID: de9305d697821f3594e13a5629bcbaa7b79e8b227f43828f2d6726f4219b4a97
• Opcode Fuzzy Hash: 15fa7b3a5f3f2b8f763e8a2a68e85e3192b3dbc00293bae5a84f9207a781e855
• Instruction Fuzzy Hash: 1CA1956291A3D0FFCB11C76A7C611997FE47B26360B9A46A9D041A3F72F32446C4CB61

Control-flow Graph
• Executed
• Not Executed
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,000E50AA,?,?,00000000,00000000), ref: 000E42B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,000E50AA,?,?,00000000,00000000), ref: 000E42C9
• LoadResource.KERNEL32(?,00000000,?,?,000E50AA,?,?,00000000,00000000,?,?,?,?,?,?,000E4F20), ref: 001235BE
• SizeofResource.KERNEL32(?,00000000,?,?,000E50AA,?,?,00000000,00000000,?,?,?,?,?,?,000E4F20), ref: 001235D3
• LockResource.KERNEL32(000E50AA,?,?,000E50AA,?,?,00000000,00000000,?,?,?,?,?,?,000E4F20,?), ref: 001235E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
• Opcode ID: 3ea487a523da234fa6736711130a50a79d248f190d85455630d409e3670de950
• Instruction ID: 1a6aa8d13f4a16a7d41f6f73cd18b1f126527fa20aff40dfed62c5357f19d95f
• Opcode Fuzzy Hash: 3ea487a523da234fa6736711130a50a79d248f190d85455630d409e3670de950
• Instruction Fuzzy Hash: FD118E70600700BFD7218B66DC48F277BB9EBC5B51F14816DF506E6660DB71DC408A60

Control-flow Graph

APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 000E2B6B
  • Part of subcall function 000E3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,001B1418,?,000E2E7F,?,?,?,00000000), ref: 000E3A78
  • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,001A2224), ref: 00122C10
• ShellExecuteW.SHELL32(00000000,?,?,001A2224), ref: 00122C17
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
• String ID: runas
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 0014D501
• Process32FirstW.KERNEL32(00000000,?), ref: 0014D50F
• Process32NextW.KERNEL32(00000000,?), ref: 0014D52F
• CloseHandle.KERNEL32(00000000), ref: 0014D5DC
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
• String ID:
APIs
• lstrlenW.KERNEL32(?,00125222), ref: 0014DBCE
• GetFileAttributesW.KERNEL32(?), ref: 0014DBDD
• FindFirstFileW.KERNEL32(?,?), ref: 0014DBEE
• FindClose.KERNEL32(00000000), ref: 0014DBFA
Similarity
• API ID: FileFind$AttributesCloseFirstlstrlen
• String ID:
APIs
Strings
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: LocalTime
                                                                                                                                                                                                                                                                                                                                                                              • String ID: %.3d$X64
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0fc34c88ac90119f66e02a1a82a20c70f6e21c5a2e3894c205048d3b5136b338
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: be72c51833ef686890e67c7026ab32ba404e2a707b22bf942c778fd5aa2c2210
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0fc34c88ac90119f66e02a1a82a20c70f6e21c5a2e3894c205048d3b5136b338
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 80D01261808109E9CB9496D0FC459BBB37CBF18341F618452F906E1041D734C6486761
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(001128E9,?,00104CBE,001128E9,001A88B8,0000000C,00104E15,001128E9,00000002,00000000,?,001128E9), ref: 00104D09
                                                                                                                                                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,?,00104CBE,001128E9,001A88B8,0000000C,00104E15,001128E9,00000002,00000000,?,001128E9), ref: 00104D10
                                                                                                                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00104D22
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 634003888e8ae48becfd7e9a6983a9ce8c7ca224b3778163ab22a5e7edce930c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c7804a76cfae709a96e4e2463e2d64960b57389d0f43bdb95d103e08f5e63968
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 634003888e8ae48becfd7e9a6983a9ce8c7ca224b3778163ab22a5e7edce930c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 86E0B671000248BBCF11AF94DD49A983B79FB65785B104028FD599A572CB75DEC2CB80
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetUserNameW.ADVAPI32(?,?), ref: 0013D28C
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: NameUser
                                                                                                                                                                                                                                                                                                                                                                              • String ID: X64
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2645101109-893830106
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4f19db8af895cf3e3076420156d14e31bbcb350a009a4e8779b8ceec6d987081
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 193bfba0bc8fc769b2496b53160ef2c2af558a4822ba4dd4e06b27faa123fd9b
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f19db8af895cf3e3076420156d14e31bbcb350a009a4e8779b8ceec6d987081
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DCD0C9B480111DEADF94CB90EC88DDEB37CBB04305F100156F506A2000DB3095889F50

Control-flow Graph
(graph rendering of function 0016AFF9 not reproduced; executed and not-executed blocks were colour-coded in the original)
APIs
• _wcslen.LIBCMT ref: 0016B198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0016B1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0016B1D4
• _wcslen.LIBCMT ref: 0016B200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0016B214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0016B236
• _wcslen.LIBCMT ref: 0016B332
  • Part of subcall function 001505A7: GetStdHandle.KERNEL32(000000F6), ref: 001505C6
• _wcslen.LIBCMT ref: 0016B34B
• _wcslen.LIBCMT ref: 0016B366
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0016B3B6
• GetLastError.KERNEL32(00000000), ref: 0016B407
• CloseHandle.KERNEL32(?), ref: 0016B439
• CloseHandle.KERNEL32(00000000), ref: 0016B44A
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0016B45C
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0016B46E
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 0016B4E3
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2178637699-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5f3501d3eab6b4ca67d7ed649a2f5bf3425e577627764a9d6a606ddbc9f50d22
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 553b57247031e4f75649cfac474f4afa8a24a14a803be5f95ef0a60ea4045185
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5f3501d3eab6b4ca67d7ed649a2f5bf3425e577627764a9d6a606ddbc9f50d22
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 59F19C316083409FC714EF25C891B6EBBE5BF85314F14855DF99A9B2A2DB31EC84CB52
APIs
• GetInputState.USER32 ref: 000ED807
• timeGetTime.WINMM ref: 000EDA07
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 000EDB28
• TranslateMessage.USER32(?), ref: 000EDB7B
• DispatchMessageW.USER32(?), ref: 000EDB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 000EDB9F
• Sleep.KERNEL32(0000000A), ref: 000EDBB1
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID:
• API String ID: 2189390790-0
• Opcode ID: e97f6bb6bc51db99df7f3f3aaa02258b0f475d59da193017fda6525ec3f25d5f
• Instruction ID: 3770b86be4f16ef1cd91eed690568192a93400b391929c7121a08ac8684bbfd1
• Opcode Fuzzy Hash: e97f6bb6bc51db99df7f3f3aaa02258b0f475d59da193017fda6525ec3f25d5f
• Instruction Fuzzy Hash: 3542F330608381EFD738DF25C894BAAB7E1FF45314F54462EE4959B692D774E884CB82

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 000E2D07
• RegisterClassExW.USER32(00000030), ref: 000E2D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 000E2D42
• InitCommonControlsEx.COMCTL32(?), ref: 000E2D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 000E2D6F
• LoadIconW.USER32(000000A9), ref: 000E2D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 000E2D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
• Opcode ID: a523e1803811daf719b2c4f5d722cccb56fceccbcd2ac916978b9bfbea161170
• Instruction ID: 5ce4c870f5ab5daa8fde393e20ad20d151f44b46caef8a88d478ee00a13d3d58
• Opcode Fuzzy Hash: a523e1803811daf719b2c4f5d722cccb56fceccbcd2ac916978b9bfbea161170
• Instruction Fuzzy Hash: ED21F2B5901348AFDB00DFA4EC99BDDBBB4FB08705F10821AF615A66A0D7B10584CF91

Control-flow Graph (function 12065b; graph rendering not reproduced)

APIs
  • Part of subcall function 0012039A: CreateFileW.KERNEL32(00000000,00000000,?,00120704,?,?,00000000,?,00120704,00000000,0000000C), ref: 001203B7
• GetLastError.KERNEL32 ref: 0012076F
• __dosmaperr.LIBCMT ref: 00120776
• GetFileType.KERNEL32(00000000), ref: 00120782
• GetLastError.KERNEL32 ref: 0012078C
• __dosmaperr.LIBCMT ref: 00120795
• CloseHandle.KERNEL32(00000000), ref: 001207B5
• CloseHandle.KERNEL32(?), ref: 001208FF
• GetLastError.KERNEL32 ref: 00120931
• __dosmaperr.LIBCMT ref: 00120938
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: 682475f32f79990e3f55d56647a2f11804e140684ddf5216d2bc29f0b82a68e2
• Instruction ID: 6ad633e4d8e4fb5f4b69b38eaa75c3b540831cd1151298511d5f75bd22ef393f
• Opcode Fuzzy Hash: 682475f32f79990e3f55d56647a2f11804e140684ddf5216d2bc29f0b82a68e2
• Instruction Fuzzy Hash: 8FA10732A041188FDF1AEF68E8517AE7BB0AB4A320F14025DF8559B3D2D7319D63CB91

Control-flow Graph (graph rendering not reproduced)

APIs
  • Part of subcall function 000E3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,001B1418,?,000E2E7F,?,?,?,00000000), ref: 000E3A78
  • Part of subcall function 000E3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 000E3379
• RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 000E356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0012318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 001231CE
• RegCloseKey.ADVAPI32(?), ref: 00123210
• _wcslen.LIBCMT ref: 00123277
• _wcslen.LIBCMT ref: 00123286
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
• Opcode ID: 173134b7da5a67be56ce328070ca0edec2ab229087ce9d0f22167867f230a3ba
• Instruction ID: b010fc5605dc9a80f80057e2c18662476fed96291775c90aaf8db13e96064622
• Opcode Fuzzy Hash: 173134b7da5a67be56ce328070ca0edec2ab229087ce9d0f22167867f230a3ba
• Instruction Fuzzy Hash: D171A2715043419EC314EF26EC858ABBBE8FF99740F404A2EF555931B1EB749A88CB62

Control-flow Graph (graph rendering not reproduced)

APIs
• GetSysColorBrush.USER32(0000000F), ref: 000E2B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 000E2B9D
• LoadIconW.USER32(00000063), ref: 000E2BB3
• LoadIconW.USER32(000000A4), ref: 000E2BC5
• LoadIconW.USER32(000000A2), ref: 000E2BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 000E2BEF
• RegisterClassExW.USER32(?), ref: 000E2C40
  • Part of subcall function 000E2CD4: GetSysColorBrush.USER32(0000000F), ref: 000E2D07
  • Part of subcall function 000E2CD4: RegisterClassExW.USER32(00000030), ref: 000E2D31
  • Part of subcall function 000E2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 000E2D42
  • Part of subcall function 000E2CD4: InitCommonControlsEx.COMCTL32(?), ref: 000E2D5F
  • Part of subcall function 000E2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 000E2D6F
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E2CD4: LoadIconW.USER32(000000A9), ref: 000E2D85
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 000E2D94
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4a2aa5ef948934f0c1c5d12359921e10e9f25f2177a83c07f1a0b0ec1efc2039
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 533c9428abad1b694f9ce4e34632a865a5413e6a12b186dc797b90d396c6191d
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4a2aa5ef948934f0c1c5d12359921e10e9f25f2177a83c07f1a0b0ec1efc2039
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 28212C71E00354BFDB109FA6EC65AAD7FF4FB48B60F55411AE504A6AB0E7B10580CF90

Control-flow Graph

control_flow_graph 598 e3170-e3185 599 e3187-e318a 598->599 600 e31e5-e31e7 598->600 601 e318c-e3193 599->601 602 e31eb 599->602 600->599 603 e31e9 600->603 604 e3199-e319e 601->604 605 e3265-e326d PostQuitMessage 601->605 607 122dfb-122e23 call e18e2 call fe499 602->607 608 e31f1-e31f6 602->608 606 e31d0-e31d8 DefWindowProcW 603->606 610 e31a4-e31a8 604->610 611 122e7c-122e90 call 14bf30 604->611 613 e3219-e321b 605->613 612 e31de-e31e4 606->612 643 122e28-122e2f 607->643 614 e321d-e3244 SetTimer RegisterWindowMessageW 608->614 615 e31f8-e31fb 608->615 619 e31ae-e31b3 610->619 620 122e68-122e72 call 14c161 610->620 611->613 637 122e96 611->637 613->612 614->613 621 e3246-e3251 CreatePopupMenu 614->621 616 122d9c-122d9f 615->616 617 e3201-e320f KillTimer call e30f2 615->617 629 122da1-122da5 616->629 630 122dd7-122df6 MoveWindow 616->630 632 e3214 call e3c50 617->632 626 e31b9-e31be 619->626 627 122e4d-122e54 619->627 633 122e77 620->633 621->613 635 e31c4-e31ca 626->635 636 e3253-e3263 call e326f 626->636 627->606 631 122e5a-122e63 call 140ad7 627->631 638 122dc6-122dd2 SetFocus 629->638 639 122da7-122daa 629->639 630->613 631->606 632->613 633->613 635->606 635->643 636->613 637->606 638->613 639->635 644 122db0-122dc1 call e18e2 639->644 643->606 647 122e35-122e48 call e30f2 call e3837 643->647 644->613 647->606
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,000E316A,?,?), ref: 000E31D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,000E316A,?,?), ref: 000E3204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 000E3227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,000E316A,?,?), ref: 000E3232
• CreatePopupMenu.USER32 ref: 000E3246
• PostQuitMessage.USER32(00000000), ref: 000E3267
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: 96c059462ca4096b3afc480d0420cbedb891ca629a11edc2c9a0e3825d89f96d
• Instruction ID: e15c5af08c2acff9a071e7a0ec8beab98d1627cd054cff1fa5f18af2280651f3
• Opcode Fuzzy Hash: 96c059462ca4096b3afc480d0420cbedb891ca629a11edc2c9a0e3825d89f96d
• Instruction Fuzzy Hash: 08417C31204284BFDB281B799D2DBFD3EA6E745340F44026DFA45B75A2DB718AC097A1

Control-flow Graph

control_flow_graph 654 e1410-e1449 655 e144f-e1465 mciSendStringW 654->655 656 1224b8-1224b9 DestroyWindow 654->656 657 e146b-e1473 655->657 658 e16c6-e16d3 655->658 659 1224c4-1224d1 656->659 657->659 660 e1479-e1488 call e182e 657->660 661 e16f8-e16ff 658->661 662 e16d5-e16f0 UnregisterHotKey 658->662 663 1224d3-1224d6 659->663 664 122500-122507 659->664 675 e148e-e1496 660->675 676 12250e-12251a 660->676 661->657 667 e1705 661->667 662->661 666 e16f2-e16f3 call e10d0 662->666 668 1224e2-1224e5 FindClose 663->668 669 1224d8-1224e0 call e6246 663->669 664->659 672 122509 664->672 666->661 667->658 674 1224eb-1224f8 668->674 669->674 672->676 674->664 678 1224fa-1224fb call 1532b1 674->678 679 122532-12253f 675->679 680 e149c-e14c1 call ecfa0 675->680 681 122524-12252b 676->681 682 12251c-12251e FreeLibrary 676->682 678->664 684 122541-12255e VirtualFree 679->684 685 122566-12256d 679->685 692 e14f8-e1503 CoUninitialize 680->692 693 e14c3 680->693 681->676 683 12252d 681->683 682->681 683->679 684->685 688 122560-122561 call 153317 684->688 685->679 689 12256f 685->689 688->685 694 122574-122578 689->694 692->694 695 e1509-e150e 692->695 696 e14c6-e14f6 call e1a05 call e19ae 693->696 694->695 699 12257e-122584 694->699 697 e1514-e151e 695->697 698 122589-122596 call 1532eb 695->698 696->692 701 e1707-e1714 call ff80e 697->701 702 e1524-e152f call e988f 697->702 710 122598 698->710 699->695 701->702 715 e171a 701->715 714 e1535 call e1944 702->714 716 12259d-1225bf call ffdcd 710->716 717 e153a-e15a5 call e17d5 call ffe14 call e177c call e988f call ecfa0 call e17fe call ffe14 714->717 715->701 722 1225c1 716->722 717->716 744 e15ab-e15cf call ffe14 717->744 725 1225c6-1225e8 call ffdcd 722->725 732 1225ea 725->732 735 1225ef-122611 call ffdcd 732->735 740 122613 735->740 743 122618-122625 call 1464d4 740->743 749 122627 743->749 744->725 750 e15d5-e15f9 call ffe14 744->750 752 12262c-122639 call fac64 749->752 750->735 755 e15ff-e1619 call ffe14 750->755 759 12263b 752->759 755->743 760 e161f-e1643 call e17d5 call ffe14 755->760 762 122640-12264d call 153245 759->762 760->752 769 e1649-e1651 760->769 768 12264f 762->768 770 122654-122661 call 1532cc 768->770 769->762 771 e1657-e1668 call e988f call e190a 769->771 776 122663 770->776 778 e166d-e1675 771->778 779 122668-122675 call 1532cc 776->779 778->770 780 e167b-e1689 778->780 785 122677 779->785 780->779 782 e168f-e16c5 call e988f * 3 call e1876 780->782 785->785
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 000E1459
• CoUninitialize.COMBASE ref: 000E14F8
• UnregisterHotKey.USER32(?), ref: 000E16DD
• DestroyWindow.USER32(?), ref: 001224B9
• FreeLibrary.KERNEL32(?), ref: 0012251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 0012254B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: close all
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 566d45dcb63de9cab49a6f7342f547af9effa8579b61a96060eb929ba328da63
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d1ecd8a5adfe79716269974527f2c490cdad44094131d0a307b5944c74562663
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 566d45dcb63de9cab49a6f7342f547af9effa8579b61a96060eb929ba328da63
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DBD17E31701262DFCB29EF15D595AADF7A0BF05700F1481ADE94A7B262DB30AD62CF90

Control-flow Graph

control_flow_graph 793 14de27-14de4a WSAStartup 794 14dee6-14def2 call 104983 793->794 795 14de50-14de71 gethostname gethostbyname 793->795 803 14def3-14def6 794->803 795->794 796 14de73-14de7a 795->796 798 14de83-14de85 796->798 799 14de7c-14de81 796->799 801 14de96-14dedb call 100e20 inet_ntoa call 10d5f0 call 14ebd1 call 104983 call ffe14 798->801 802 14de87-14de94 call 104983 798->802 799->798 799->799 808 14dede-14dee4 WSACleanup 801->808 802->808 808->803
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
• Opcode ID: a33c203eb21282ffc5725abb7162d4eaa9a2b92a7ddaf0055a3f26431d2e9dd9
• Instruction ID: 0978eb34d5ec4f255e6ce76f5a40c54be43ffcb3f8cd1a37f5340ca23612a21a
• Opcode Fuzzy Hash: a33c203eb21282ffc5725abb7162d4eaa9a2b92a7ddaf0055a3f26431d2e9dd9
• Instruction Fuzzy Hash: E3110671904105AFDF24AB60EC4AEEE77BCDF25710F0101ADF549A60E1EFB18AC18B91

Control-flow Graph

control_flow_graph 827 e2c63-e2cd3 CreateWindowExW * 2 ShowWindow * 2
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 000E2C91
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 000E2CB2
• ShowWindow.USER32(00000000,?,?,?,?,?,?,000E1CAD,?), ref: 000E2CC6
• ShowWindow.USER32(00000000,?,?,?,?,?,?,000E1CAD,?), ref: 000E2CCF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399
• Opcode ID: a5634807e16b2b3864752d711b9008d2d9269efc2f836c697fe55870bec81a9f
• Instruction ID: 8aace35c873545533b96f8660e7ac14e683e39b126535b838a231af8da7f3fb6
• Opcode Fuzzy Hash: a5634807e16b2b3864752d711b9008d2d9269efc2f836c697fe55870bec81a9f
• Instruction Fuzzy Hash: FDF03A755402907AEB300727AC18E773EBDE7C6F60B56411EFA04A29B0E7610880DBB0

                                                                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                                                                                              control_flow_graph 942 112df8-112e0f GetLastError 943 112e11-112e1b call 11320e 942->943 944 112e1d-112e24 call 114c7d 942->944 943->944 949 112e6e-112e75 SetLastError 943->949 948 112e29-112e2f 944->948 950 112e31 948->950 951 112e3a-112e48 call 113264 948->951 953 112e77-112e7c 949->953 954 112e32-112e38 call 1129c8 950->954 958 112e4a-112e4b 951->958 959 112e4d-112e63 call 112be6 call 1129c8 951->959 960 112e65-112e6c SetLastError 954->960 958->954 959->949 959->960 960->953
APIs
• GetLastError.KERNEL32(?,?,?,0010F2DE,00113863,001B1444,?,000FFDF5,?,?,000EA976,00000010,001B1440,000E13FC,?,000E13C6), ref: 00112DFD
• _free.LIBCMT ref: 00112E32
• _free.LIBCMT ref: 00112E59
• SetLastError.KERNEL32(00000000,000E1129), ref: 00112E66
• SetLastError.KERNEL32(00000000,000E1129), ref: 00112E6F
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0

APIs
• RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,000E3B0F,SwapMouseButtons,00000004,?), ref: 000E3B40
• RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,000E3B0F,SwapMouseButtons,00000004,?), ref: 000E3B61
• RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,000E3B0F,SwapMouseButtons,00000004,?), ref: 000E3B83
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125

APIs
• GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 0013D3BF
• FreeLibrary.KERNEL32 ref: 0013D3E5
Similarity
• API ID: AddressFreeLibraryProc
• String ID: GetSystemWow64DirectoryW$X64
• API String ID: 3013587201-2590602151

Strings
• Variable must be of type 'Object'., xrefs: 001332B7
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 0-109567571
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d35f729ea634608662944e1cbd820139a93a3affd46ff18525bf6f3717f3e06c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b4dc7556d13fc04b16e20b4cc5821139c589ae7e1ec752fe227d8948cbd19aef
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d35f729ea634608662944e1cbd820139a93a3affd46ff18525bf6f3717f3e06c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3EC28E71A00289CFCB24CF69C884AADB7F1BF18310F248569E955BB392D775EE81CB51
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 000EFE66
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 683ef6f6dc24dedd149a632bb64084bcd71c72c2357efb165f0edb862c481107
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: e688a57c13b9131bad66ceb868f6686c12a19b06f843b813844e21a008692cd4
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 683ef6f6dc24dedd149a632bb64084bcd71c72c2357efb165f0edb862c481107
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F0B29C74608382CFCB64CF15C480A7AB7E1BF99300F24496DE995AB3A1D771ED85CB92
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 001233A2
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E6B57: _wcslen.LIBCMT ref: 000E6B6A
                                                                                                                                                                                                                                                                                                                                                                              • Shell_NotifyIconW.SHELL32(00000001,?), ref: 000E3A04
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Line:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2289894680-1585850449
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4a7e99b6af21361f21506709241ac7a00657bb6199bf31c6c74dfc6d1c9f92d2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: cfb5c25639a4b99e43a56184a4f8303d46e3e3fef0cf20173031872ba80d2597
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4a7e99b6af21361f21506709241ac7a00657bb6199bf31c6c74dfc6d1c9f92d2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5631C671408384AEC325EB21DC49BDBB7D8AB44710F10492EF599A3492EF709788C7D2
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 00100668
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 001032A4: RaiseException.KERNEL32(?,?,?,0010068A,?,001B1444,?,?,?,?,?,?,0010068A,000E1129,001A8738,000E1129), ref: 00103304
                                                                                                                                                                                                                                                                                                                                                                              • __CxxThrowException@8.LIBVCRUNTIME ref: 00100685
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID: Unknown exception
• API String ID: 3476068407-410509341
• Opcode ID: 1ff4f0aff976e8c6361eb1bf205dab3487cd09673a4e720cbc18a9543210e450
• Instruction ID: e508d28ed568cb3acc8a4abc370092efc549cd0636609b536fd7b338c7987066
• Opcode Fuzzy Hash: 1ff4f0aff976e8c6361eb1bf205dab3487cd09673a4e720cbc18a9543210e450
• Instruction Fuzzy Hash: 53F0F63890020DB7CB01B6A5DC46EAE7BAE6F14350F604531B968D69D1EFF2EA66C5C0
APIs
  • Part of subcall function 000E1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 000E1BF4
  • Part of subcall function 000E1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 000E1BFC
  • Part of subcall function 000E1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 000E1C07
  • Part of subcall function 000E1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 000E1C12
  • Part of subcall function 000E1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 000E1C1A
  • Part of subcall function 000E1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 000E1C22
  • Part of subcall function 000E1B4A: RegisterWindowMessageW.USER32(00000004,?,000E12C4), ref: 000E1BA2
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 000E136A
• OleInitialize.OLE32 ref: 000E1388
• CloseHandle.KERNEL32(00000000,00000000), ref: 001224AB
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
• String ID:
• API String ID: 1986988660-0
• Opcode ID: ca893c3d55b5a635536bc20ecd203825ef4c07bcb79a1698ae329a3d1f786c56
• Instruction ID: fadb86ed8b935737f87b5bb03d7653cdd95d6944f9f863207ee212522e8f78e6
• Opcode Fuzzy Hash: ca893c3d55b5a635536bc20ecd203825ef4c07bcb79a1698ae329a3d1f786c56
• Instruction Fuzzy Hash: C971C4B5911340AFC3A4DF7AE9756953BE1FB8A3443D6832ED40AE7A62EB304481CF51
APIs
  • Part of subcall function 000E3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 000E3A04
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0014C259
• KillTimer.USER32(?,00000001,?,?), ref: 0014C261
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0014C270
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: IconNotifyShell_Timer$Kill
• String ID:
• API String ID: 3500052701-0
• Opcode ID: 90fd840331d593c6bc213963801d97ab5c8ccee6468ee80fb1c5b83ff6fdee6a
• Instruction ID: 37eb5736b5d4d031891fab25b10e7f3e5d077cc5dfe318e6a166fd15a02d8b0b
• Opcode Fuzzy Hash: 90fd840331d593c6bc213963801d97ab5c8ccee6468ee80fb1c5b83ff6fdee6a
• Instruction Fuzzy Hash: 3A31C370905344AFEB629F648855BE7BBFCAB16308F00049EE2DEA7251C7B45AC4CB91
APIs
• CloseHandle.KERNEL32(00000000,00000000,?,?,001185CC,?,001A8CC8,0000000C), ref: 00118704
• GetLastError.KERNEL32(?,001185CC,?,001A8CC8,0000000C), ref: 0011870E
• __dosmaperr.LIBCMT ref: 00118739
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Opcode ID: 59daee6fb79374a969dcfa6a628fc1bb5510cc8640bac9b3efd7e3f957f284cc
• Instruction ID: 84fa7c66c65681f407d9ae5b422ef8be19b3d142edf4e557b770eb71d76d3110
• Opcode Fuzzy Hash: 59daee6fb79374a969dcfa6a628fc1bb5510cc8640bac9b3efd7e3f957f284cc
• Instruction Fuzzy Hash: 98014E32A1562057D76D633468457FE675A5BD1774F39423EF8189B1D2DFA0CCC1C190
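The "APIs" entries above are raw hex and are tedious to triage by eye. The script below is an added example written for this page, not part of the Joe Sandbox report or its IDA plugin: it parses entries in exactly the format shown (subcall prefix, Api.MODULE, hex or "?" arguments, ref address), decodes the Win32 constants that matter for the calls listed here (virtual-key codes passed to MapVirtualKeyW, NIM_* for Shell_NotifyIconW, PM_REMOVE for PeekMessageW, millisecond values for Sleep and SetTimer), and groups the hits into behaviours. The sample lines are a constructed subset of the entries on this page, and the behaviour grouping is the editor's own, not a sandbox signature.

```python
import re
from collections import defaultdict

# Constructed sample (copied subset of the "APIs" entries on this page, in the
# format the sandbox prints them, one call per line).
SAMPLE_APIS = """\
• Part of subcall function 000E1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 000E1BF4
• Part of subcall function 000E1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 000E1BFC
• Part of subcall function 000E1B4A: RegisterWindowMessageW.USER32(00000004,?,000E12C4), ref: 000E1BA2
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 000E136A
• OleInitialize.OLE32 ref: 000E1388
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0014C259
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0014C270
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 000EDB9F
• Sleep.KERNEL32(0000000A), ref: 000EDBB1
"""

# One entry: optional "Part of subcall function <addr>:", then Api.MODULE,
# an optional "(hex,hex,?)" argument list, then "ref: <addr>" (the call site).
ENTRY_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$",
    re.IGNORECASE,
)

# Win32 constants used to make the raw hex arguments readable.
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
            0x5B: "VK_LWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT"}
NIM_NAMES = {0: "NIM_ADD", 1: "NIM_MODIFY", 2: "NIM_DELETE"}
PM_REMOVE = 0x0001


def parse_entries(text):
    """Turn bullet lines into dicts. A '?' argument means the sandbox could
    not recover that value, so it is kept as None rather than guessed."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [] if not raw or not raw.strip() else [
            None if a.strip() == "?" else int(a, 16) for a in raw.split(",")]
        entries.append({"api": m.group("api"), "module": m.group("mod").upper(),
                        "args": args, "ref": m.group("ref").upper(),
                        "subcall": (m.group("sub") or "").upper() or None})
    return entries


def decode(entry):
    """Annotate well-known arguments; APIs without a decoder get an empty list."""
    api, args = entry["api"], entry["args"]
    notes = []
    if api == "MapVirtualKeyW" and args and args[0] in VK_NAMES:
        notes.append(VK_NAMES[args[0]])
    elif api == "Shell_NotifyIconW" and args and args[0] in NIM_NAMES:
        notes.append(NIM_NAMES[args[0]])
    elif api == "Sleep" and args and args[0] is not None:
        notes.append(f"{args[0]} ms")
    elif api == "SetTimer" and len(args) >= 3 and args[2] is not None:
        notes.append(f"period {args[2]} ms")
    elif api == "PeekMessageW" and len(args) >= 5 and args[4] is not None:
        notes.append("PM_REMOVE" if args[4] & PM_REMOVE else "PM_NOREMOVE")
    return notes


# Editor's own grouping of the APIs seen on this page into behaviours a
# triager looks for; assumption for illustration, not a Joe Sandbox signature.
BEHAVIOURS = {
    "keystroke_synthesis": {"MapVirtualKeyW"},
    "tray_icon_and_timer": {"Shell_NotifyIconW", "SetTimer", "KillTimer"},
    "message_pump": {"PeekMessageW", "TranslateMessage", "DispatchMessageW",
                     "TranslateAcceleratorW"},
}


def summarize(entries):
    """Map each behaviour to (api, address, notes). The address is the subcall
    function when present, since that is where the real logic lives in IDA."""
    hits = defaultdict(list)
    for e in entries:
        for name, apis in BEHAVIOURS.items():
            if e["api"] in apis:
                hits[name].append((e["api"], e["subcall"] or e["ref"], decode(e)))
    return dict(hits)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_APIS)
    for e in parsed:
        print(e["api"], e["module"], e["args"], decode(e))
    for behaviour, calls in summarize(parsed).items():
        print(behaviour, calls)
```

The subcall address is deliberately preferred over the ref address in the summary: the six MapVirtualKeyW calls all come from function 000E1BC3, so that is the single function to open in the snapshot, rather than six separate call sites.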
APIs
• TranslateMessage.USER32(?), ref: 000EDB7B
• DispatchMessageW.USER32(?), ref: 000EDB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 000EDB9F
• Sleep.KERNEL32(0000000A), ref: 000EDBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 00131CC9
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3288985973-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 99a1a10d1577ab7ecc2c246c04a69ef3615496933f763cd33901dffb9854c11e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: bebab3d4a58fcc19d7914b151b36d4c415a3ca6914b44d17cd1c2c9370d64e91
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 99a1a10d1577ab7ecc2c246c04a69ef3615496933f763cd33901dffb9854c11e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DAF05E30644380ABE734CB61DC99FEA73BCEB44310F504619E61ED34D0EB3094C89B65
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 000F17F6
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                              • String ID: CALL
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 69ce6fc2d22a20c1197b9a36dd7dbcd5810247143450e07587e3bf512d680e3b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 03634cc1eae4aef171418d5c3841735f6aca29c1d36abc54a2995ae52c3bfc46
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 69ce6fc2d22a20c1197b9a36dd7dbcd5810247143450e07587e3bf512d680e3b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51228B70608305DFC724DF14C480ABABBF1BF89354F14892DF69A8B6A2D771E845DB92
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: db6831e8efc88773eb1a11b5fd07ac8fb1caa04c6712740f6c2c8284ecf6458b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6ab2d89c678216854068d8467ce34ec93424f459055e8eab81577f9412d5523d
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: db6831e8efc88773eb1a11b5fd07ac8fb1caa04c6712740f6c2c8284ecf6458b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B432F230A00609DFCB24DF54CC85BBEB7B6BF05710F148529EA25AB2A2E731ED44DB91
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetOpenFileNameW.COMDLG32(?), ref: 00122C8C
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,000E3A97,?,?,000E2E7F,?,?,?,00000000), ref: 000E3AC2
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E2DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 000E2DC4
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X
• API String ID: 779396738-3081909835
• Opcode ID: 81e146419b7e16342f639ac4c879fe4492149ab9edb2bcfcb19116abb5d19c25
• Instruction ID: 90fa9671892b7aa4d998116dadd34948219113d6610b21e4deaec968835224c9
• Opcode Fuzzy Hash: 81e146419b7e16342f639ac4c879fe4492149ab9edb2bcfcb19116abb5d19c25
• Instruction Fuzzy Hash: 7321A571A00298AFCB01DF95D849BEE7BFCAF49314F044059E515B7241DBB45A898FA1
APIs
• GetComputerNameW.KERNEL32(?,?), ref: 0013D375
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ComputerName
• String ID: X64
• API String ID: 3545744682-893830106
• Opcode ID: e7311d01646f7e4c64d83d6dc61ff269d66a7224bf3717bd41206ecf3cd12af0
• Instruction ID: f27321f925231cdc18bcd6089356eca159bbb3d952478ab26cbde379f5401938
• Opcode Fuzzy Hash: e7311d01646f7e4c64d83d6dc61ff269d66a7224bf3717bd41206ecf3cd12af0
• Instruction Fuzzy Hash: 09D0C9B580511CEADB94CB40EC88DEEB37DBB04341F504156F506A2400DB3096889B11
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 000E3908
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: 947e98cb021c7a1c846bca14e5b5cae9318e5298fc1bbbcb7f1b7984c56a9261
• Instruction ID: 32778ae94ebaf9c7c01d5406724a8f7d2593261109de79321a9aea6e06636b0c
• Opcode Fuzzy Hash: 947e98cb021c7a1c846bca14e5b5cae9318e5298fc1bbbcb7f1b7984c56a9261
• Instruction Fuzzy Hash: 0C31E670504341DFD360DF25D8987A7BBF4FB49318F00092EF69A93650E771AA84CB52
APIs
• timeGetTime.WINMM ref: 000FF661
  • Part of subcall function 000ED730: GetInputState.USER32 ref: 000ED807
• Sleep.KERNEL32(00000000), ref: 0013F2DE
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: InputSleepStateTimetime
• String ID:
• API String ID: 4149333218-0
• Opcode ID: b25a4e2deff78eb1a64d150397f92f711507284678d37389132579ee926c7ac6
• Instruction ID: c6eb13c5c03f8081255979b454fe323cb32a27d49e4d7bc52ab18e1aaef633cb
• Opcode Fuzzy Hash: b25a4e2deff78eb1a64d150397f92f711507284678d37389132579ee926c7ac6
• Instruction Fuzzy Hash: 44F08C312406059FD324EF6AD449BAAB7E8EF45760F00002EE95ED77A1DB70A840CB90
APIs
• __Init_thread_footer.LIBCMT ref: 000EBB4E
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 182f747a33aa41dda546929322b10d322a345de794868d2116af5e458f8c4dfa
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a5d7936523a593e7c2cf851a77037a85b8298f887f7c1e69f65e3d37e8953acb
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 182f747a33aa41dda546929322b10d322a345de794868d2116af5e458f8c4dfa
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0232AC30A002499FDB25CF59C8A4ABEB7F9FF48310F198059E905BB662C774ED81CB91
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,000E4EDD,?,001B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 000E4E9C
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 000E4EAE
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E4E90: FreeLibrary.KERNEL32(00000000,?,?,000E4EDD,?,001B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 000E4EC0
                                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,001B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 000E4EFD
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00123CDE,?,001B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 000E4E62
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 000E4E74
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E4E59: FreeLibrary.KERNEL32(00000000,?,?,00123CDE,?,001B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 000E4E87
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: b4e0be94c8812dbc7fd67513b10abab4061f0f2ad35cc70afdedde5aa6780b22
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a4a0d93819d8fbdeb736ed34e44c1466558dec4a17edd4b6e6d433598d590cf5
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b4e0be94c8812dbc7fd67513b10abab4061f0f2ad35cc70afdedde5aa6780b22
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7E11E332600205AECB24BF62DC02FED77A5AF50B15F10882EF552BA2C2EF749A559790
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: __wsopen_s
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3347428461-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1dfa1d8f0a849528e1794698c3c42984730321dc3985bff3c8d5c2c8f85cd218
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 71d7977eb53f41f603a9d70d1fcc497900633107530231514cbf32d5456283fe
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1dfa1d8f0a849528e1794698c3c42984730321dc3985bff3c8d5c2c8f85cd218
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9411487590410AAFCF09DF58E940ADA7BF5EF48304F108069F808AB312DB30DA21CBA4
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID:
• Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
• Instruction ID: d2620209213d7a6693f367208c4d638242aad345e86c555162caa7e08c23434a
• Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
• Instruction Fuzzy Hash: 64F02832510E1497DB353AAAAC05B9B33D89F72335F110B29F4A1D31D2DFF1D8428AA5
APIs
• RtlAllocateHeap.NTDLL(00000008,000E1129,00000000,?,00112E29,00000001,00000364,?,?,?,0010F2DE,00113863,001B1444,?,000FFDF5,?), ref: 00114CBE
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: d1cdf91332a40000380ece0e7aca83dab693cfd21f434804be888caf51fd4529
• Instruction ID: f87a22dfb688a4f5b4b07fa120188090657180dad9804e38e17f74aed7fd994d
• Opcode Fuzzy Hash: d1cdf91332a40000380ece0e7aca83dab693cfd21f434804be888caf51fd4529
• Instruction Fuzzy Hash: 0FF0E93160222467DB295F669C09BDA3788BF51FB0B154135BC59A65D0DB70D88196E0
APIs
• RtlAllocateHeap.NTDLL(00000000,?,001B1444,?,000FFDF5,?,?,000EA976,00000010,001B1440,000E13FC,?,000E13C6,?,000E1129), ref: 00113852
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 93307d8b1e75a2b0e3bd630224c8965ba14dd97fe34f56c574dd244c8094d78e
• Instruction ID: 9fca07d00f746f88232fb688b22e2daaa683fb135fe21ea40e7327404b57be16
• Opcode Fuzzy Hash: 93307d8b1e75a2b0e3bd630224c8965ba14dd97fe34f56c574dd244c8094d78e
• Instruction Fuzzy Hash: 1DE02231100224A7E7392B779C05BDB3788AF427B0F060338BD78928D8DB60EEC182E0
APIs
• FreeLibrary.KERNEL32(?,?,001B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 000E4F6D
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
• Opcode ID: 3c0482f246547ce9ae28e5d2535740717eabb9f012e133b513bbcadc8984b45f
• Instruction ID: 4b26e404e029dfa0ae1e8facc78af9a5ea0f665ab751f7ecd18cfae2608c900b
• Opcode Fuzzy Hash: 3c0482f246547ce9ae28e5d2535740717eabb9f012e133b513bbcadc8984b45f
• Instruction Fuzzy Hash: 6EF03071105791CFDB349F66D494816B7F4BF14719310897EE1EA93911C7359C84DF50
APIs
• IsWindow.USER32(00000000), ref: 00172A66
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Window
• String ID:
• API String ID: 2353593579-0
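The per-function records above all follow one fixed layout: opcode and instruction hashes, the API calls with their call-site addresses, the memory dump the function was lifted from, and the similarity IDs. As an added example that is not part of the Joe Sandbox report, the Python below parses records in that layout into structured objects, pulls out string literals passed as API arguments (such as the AutoIt marker in the FreeLibrary record), indexes functions by API name, and converts a call-site address into an offset relative to the dump's load base so it can be matched against a static disassembly of the PE. The sample text is two of the page's records, retyped; the bullet regexes and the eight-hex-digit heuristic for telling pointer arguments from literals are assumptions about the format, not documented Joe Sandbox behaviour.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: two records in the report's layout (associated-dump
# and snapshot lines omitted; the parser ignores them anyway).
SAMPLE = """\
• Opcode ID: 3c0482f246547ce9ae28e5d2535740717eabb9f012e133b513bbcadc8984b45f
• Instruction ID: 4b26e404e029dfa0ae1e8facc78af9a5ea0f665ab751f7ecd18cfae2608c900b
• Opcode Fuzzy Hash: 3c0482f246547ce9ae28e5d2535740717eabb9f012e133b513bbcadc8984b45f
• Instruction Fuzzy Hash: 6EF03071105791CFDB349F66D494816B7F4BF14719310897EE1EA93911C7359C84DF50
APIs
• IsWindow.USER32(00000000), ref: 00172A66
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
Similarity
• API ID: Window
• String ID:
• API String ID: 2353593579-0
• Opcode ID: 93307d8b1e75a2b0e3bd630224c8965ba14dd97fe34f56c574dd244c8094d78e
• Instruction ID: 9fca07d00f746f88232fb688b22e2daaa683fb135fe21ea40e7327404b57be16
• Opcode Fuzzy Hash: 93307d8b1e75a2b0e3bd630224c8965ba14dd97fe34f56c574dd244c8094d78e
• Instruction Fuzzy Hash: 1DE02231100224A7E7392B779C05BDB3788AF427B0F060338BD78928D8DB60EEC182E0
APIs
• FreeLibrary.KERNEL32(?,?,001B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 000E4F6D
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
"""

# Assumed line shapes: "• Name.MODULE(args), ref: ADDR" and "• Key: value".
API_RE = re.compile(r"^• (?P<name>\w+)\.(?P<module>[A-Za-z0-9_]+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-Fa-f]+)$")
KV_RE = re.compile(r"^• (?P<key>[A-Za-z ]+):\s*(?P<val>.*)$")
HEX_ARG_RE = re.compile(r"[0-9A-Fa-f]{8}")  # heuristic: 8 hex digits = pointer/int, not a literal

FIELDS = {
    "Instruction ID": "instruction_id",
    "Opcode Fuzzy Hash": "opcode_fuzzy",
    "Instruction Fuzzy Hash": "instruction_fuzzy",
    "API ID": "api_id",
    "String ID": "string_id",
    "API String ID": "api_string_id",
}


@dataclass
class FunctionRecord:
    opcode_id: str
    instruction_id: str = ""
    opcode_fuzzy: str = ""
    instruction_fuzzy: str = ""
    api_id: str = ""
    string_id: str = ""
    api_string_id: str = ""
    source_file: str = ""
    offset: str = ""                              # dump load base, hex string
    apis: list = field(default_factory=list)      # (name, module, args, ref)
    strings: list = field(default_factory=list)   # literal args seen in API calls


def parse_records(text):
    """Split report text into FunctionRecords; a new record starts at each 'Opcode ID' line."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("• Opcode ID:"):
            cur = FunctionRecord(opcode_id=line.split(":", 1)[1].strip())
            records.append(cur)
            continue
        if cur is None or not line.startswith("•"):
            continue  # section headers (APIs, Similarity, ...) carry no data
        m = API_RE.match(line)
        if m:
            # Naive split: a literal argument containing ',' would be cut in two.
            args = [a.strip() for a in m["args"].split(",")]
            cur.apis.append((m["name"], m["module"], args, m["ref"]))
            cur.strings.extend(a for a in args if a != "?" and not HEX_ARG_RE.fullmatch(a))
            continue
        m = KV_RE.match(line)
        if not m:
            continue
        key, val = m["key"], m["val"]
        if key == "Source File":
            cur.source_file = val.split(",", 1)[0]
            om = re.search(r"Offset: ([0-9A-Fa-f]+)", val)
            cur.offset = om.group(1) if om else ""
        elif key in FIELDS:
            setattr(cur, FIELDS[key], val)
    return records


def index_by_api(records):
    """Map API name -> [(call-site ref, opcode ID)], for 'which functions call X' triage."""
    idx = defaultdict(list)
    for r in records:
        for name, _module, _args, ref in r.apis:
            idx[name].append((ref, r.opcode_id))
    return dict(idx)


def image_offset(record, ref):
    """Offset of a call-site address from the dump's load base (assumes base == Offset field)."""
    return int(ref, 16) - int(record.offset, 16)


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for name, sites in index_by_api(recs).items():
        print(name, [(ref, hex(image_offset(recs[0], ref))) for ref, _ in sites])
    print("literals:", [s for r in recs for s in r.strings])
```

The comma split is the weak spot: a string literal that itself contains a comma would be cut in two, so for records with unusual arguments check `apis` against the raw line before trusting `strings`. Because every record on this page comes from the same dump with Offset 000E0000, `image_offset` gives the same base-relative value whichever record it is called with; pass the record whose ref you are converting when mixing dumps.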
• Opcode ID: bfda5f1ecdd1e35ded71971d2b26d0b4719da09ae16316adb3721e43c67f3ca3
• Instruction ID: 952117c747fea28f4aa0f5fe72b42e559131321d00f4e16c3919dda774a71d2c
• Opcode Fuzzy Hash: bfda5f1ecdd1e35ded71971d2b26d0b4719da09ae16316adb3721e43c67f3ca3
• Instruction Fuzzy Hash: 12E04F36350116ABC714EA30EC809FA736CEB60395B10853AFC2AD7510DB3099D686E0
APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 000E314E
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6fb6e32d2af20f9e8d3a90f4b225ee0fd9a6c75e90ba91b28db8127f178d2c09
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5d13e5f8c58bb74da6846f903527ed863dbaacc09f803e2c4724b507c2ce1970
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6fb6e32d2af20f9e8d3a90f4b225ee0fd9a6c75e90ba91b28db8127f178d2c09
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 39F0A770904304AFE7529B24DC497D57BFCB701708F0001E9A68897591EB7057C8CF41
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 000E2DC4
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E6B57: _wcslen.LIBCMT ref: 000E6B6A
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 541455249-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 483f2945dec248446273f3af509207e46dfc64187cf98dfdde97a1beb009645e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 242a0333014ffa3de6380677a091ac7beb224ceec8ba0fccdbe9e9333e366522
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 483f2945dec248446273f3af509207e46dfc64187cf98dfdde97a1beb009645e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4AE0CD726001246BC710D258AC05FDA77EDDFC87D0F040075FD09E7259DA60ADC48590
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 000E3908
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000ED730: GetInputState.USER32 ref: 000ED807
                                                                                                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 000E2B6B
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 000E314E
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3667716007-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 076e7d3363ec1dec6e31699bd3deb89abc95fcc2f047cf6b8d723d345937b698
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4b455fa54bdde84d70b3aa663f8008ab3b7458c67ffcc36eead66e26213681c9
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 076e7d3363ec1dec6e31699bd3deb89abc95fcc2f047cf6b8d723d345937b698
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4BE026213042C41FC608BB32A86A4EDBB599BD1311F80053EF08273163CF2089854351
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 0014DF40
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E6B57: _wcslen.LIBCMT ref: 000E6B6A
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: FolderPath_wcslen
• String ID:
• API String ID: 2987691875-0
• Opcode ID: 14d463125c4bda44a4aa2c027da74fc917091f083fe195137ce0fdd7bb8e687b
• Instruction ID: 45d450eda746fccb026028b16edb5f5c36d8d38401e00c4b51e149de491e227e
• Opcode Fuzzy Hash: 14d463125c4bda44a4aa2c027da74fc917091f083fe195137ce0fdd7bb8e687b
• Instruction Fuzzy Hash: AFD05EA2A002282FDF60A6759C0DDF73AADD740250F0006A0786ED3152EA20DD8486F0
APIs
• CreateFileW.KERNEL32(00000000,00000000,?,00120704,?,?,00000000,?,00120704,00000000,0000000C), ref: 001203B7
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 24a04cfc24865ee13f04003916b64027eeda2cf5750df433686c2c6920333d64
• Instruction ID: 86ac1e53c0dec05b2591d057e9542579eb3b9b194cd6863d17bcd95a800418ca
• Opcode Fuzzy Hash: 24a04cfc24865ee13f04003916b64027eeda2cf5750df433686c2c6920333d64
• Instruction Fuzzy Hash: 98D06C3204010DFBDF029F84DD06EDA3BAAFB48714F014050BE1856020C732E8A1AB90
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 000E1CBC
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
• Opcode ID: e7273f9e2104c3c4178c5afa2e9d50bb2772ca15ea080fc457e00e4f478bb1e0
• Instruction ID: e8f532daeef6f2bded6372a7aa16c6c0b521c00f34aaddd44af665d477328e52
• Opcode Fuzzy Hash: e7273f9e2104c3c4178c5afa2e9d50bb2772ca15ea080fc457e00e4f478bb1e0
• Instruction Fuzzy Hash: 5EC09236380305AFF2248B80BC5AF5077A4B348B10F488101F60DA9DF3D3B228E0EB90
APIs
  • Part of subcall function 000F9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 000F9BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0017961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0017965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0017969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 001796C9
• SendMessageW.USER32 ref: 001796F2
• GetKeyState.USER32(00000011), ref: 0017978B
• GetKeyState.USER32(00000009), ref: 00179798
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 001797AE
• GetKeyState.USER32(00000010), ref: 001797B8
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 001797E9
• SendMessageW.USER32 ref: 00179810
• SendMessageW.USER32(?,00001030,?,00177E95), ref: 00179918
• ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0017992E
• ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00179941
• SetCapture.USER32(?), ref: 0017994A
• ClientToScreen.USER32(?,?), ref: 001799AF
• ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 001799BC
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 001799D6
• ReleaseCapture.USER32 ref: 001799E1
• GetCursorPos.USER32(?), ref: 00179A19
• ScreenToClient.USER32(?,?), ref: 00179A26
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00179A80
• SendMessageW.USER32 ref: 00179AAE
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00179AEB
• SendMessageW.USER32 ref: 00179B1A
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00179B3B
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 00179B4A
• GetCursorPos.USER32(?), ref: 00179B68
• ScreenToClient.USER32(?,?), ref: 00179B75
• GetParent.USER32(?), ref: 00179B93
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00179BFA
• SendMessageW.USER32 ref: 00179C2B
                                                                                                                                                                                                                                                                                                                                                                              • ClientToScreen.USER32(?,?), ref: 00179C84
                                                                                                                                                                                                                                                                                                                                                                              • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00179CB4
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00179CDE
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32 ref: 00179D01
                                                                                                                                                                                                                                                                                                                                                                              • ClientToScreen.USER32(?,?), ref: 00179D4E
                                                                                                                                                                                                                                                                                                                                                                              • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00179D82
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000F9944: GetWindowLongW.USER32(?,000000EB), ref: 000F9952
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00179E05
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                                                                                                                              • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3429851547-4164748364
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ccf67c747331e33b0be9c9b092d860ee6d27fd74067774cc4812c971d035fd2c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 1268ddb51f96535b40e6e7e03519d52c9f2f9f07aecb04be9ef1fa0cd5a86f89
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ccf67c747331e33b0be9c9b092d860ee6d27fd74067774cc4812c971d035fd2c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FD429C74204241AFDB24CF24CC84AAABBF5FF49314F11861DF69D976A1D731A898CF91
APIs
• SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 001748F3
• SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00174908
• SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00174927
• SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0017494B
• SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0017495C
• SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0017497B
• SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 001749AE
• SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 001749D4
• SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00174A0F
• SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00174A56
• SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00174A7E
• IsMenu.USER32(?), ref: 00174A97
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00174AF2
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00174B20
• GetWindowLongW.USER32(?,000000F0), ref: 00174B94
• SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00174BE3
• SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00174C82
• wsprintfW.USER32 ref: 00174CAE
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00174CC9
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00174CF1
• SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00174D13
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00174D33
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00174D5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
• String ID: %d/%02d/%02d
• API String ID: 4054740463-328681919
• Opcode ID: a873d069d46a33643161fef5038dfafb0a382d58ac6aa33e86df5bb715a31953
• Instruction ID: b54e21ba96acb3fa94f4023aab3a46688be63e7040f8d7c32820e4e6c3d16cd1
• Opcode Fuzzy Hash: a873d069d46a33643161fef5038dfafb0a382d58ac6aa33e86df5bb715a31953
• Instruction Fuzzy Hash: 9E12A071600259ABEB258F68CC49FEE7BF8AF45710F108129F51AEB2E1DB749981CB50
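The raw uMsg constants in these SendMessageW listings are the part worth decoding during triage: 0x11xx messages are tree-view (TVM_*), 0x13xx are tab control (TCM_*), 0x10xx are list-view (LVM_*), 0x408 is PBM_GETPOS, and 0x147/0x188/0xF0/0xE are the combo-box, list-box, button and WM_GETTEXTLENGTH reads one expects from a GUI control-reading routine, which is consistent with the page's finding that the binary is a compiled AutoIt script (the @GUI_DRAGID string above is an AutoIt macro name). The following is an added example, not part of the Joe Sandbox report, that parses lines in the report's "APIs" format and resolves the message IDs to their Windows SDK names; the constant values are from winuser.h/commctrl.h, the sample input is copied from the listings on this page, and the GetWindowLongW indices are deliberately left undecoded because the report prints them truncated.

```python
import re

# Added example (not from the Joe Sandbox report): parse lines such as
#   "SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00179B3B"
# and resolve the uMsg argument to its Win32 common-control name.
# Constant values are from the Windows SDK (winuser.h / commctrl.h).

WM_USER = 0x0400
LVM_FIRST = 0x1000   # list-view messages
TV_FIRST = 0x1100    # tree-view messages
TCM_FIRST = 0x1300   # tab-control messages

MESSAGE_NAMES = {
    0x000E: "WM_GETTEXTLENGTH",
    0x00F0: "BM_GETCHECK",
    0x0147: "CB_GETCURSEL",
    0x0148: "CB_GETLBTEXT",
    0x0149: "CB_GETLBTEXTLEN",
    0x0188: "LB_GETCURSEL",
    0x018A: "LB_GETTEXTLEN",
    WM_USER + 8: "PBM_GETPOS",
    LVM_FIRST + 1: "LVM_SETBKCOLOR",
    LVM_FIRST + 18: "LVM_HITTEST",
    TV_FIRST + 10: "TVM_GETNEXTITEM",
    TV_FIRST + 11: "TVM_SELECTITEM",
    TV_FIRST + 17: "TVM_HITTEST",
    TV_FIRST + 62: "TVM_GETITEMW",
    TCM_FIRST + 11: "TCM_GETCURSEL",
    TCM_FIRST + 60: "TCM_GETITEMW",
}

# "Api.MODULE(arg,arg,...), ref: ADDR". The argument list is optional because the
# report omits it for some call sites ("SendMessageW.USER32 ref: 00179AAE").
API_LINE = re.compile(
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)
HEX = re.compile(r"[0-9A-Fa-f]+")


def parse_api_line(line):
    """Return {api, module, args, ref} for one listing line, or None if it is not an API line."""
    m = API_LINE.search(line)
    if m is None:
        return None
    raw = m.group("args")
    args = [] if raw is None else [a.strip() for a in raw.split(",")]
    return {
        "api": m.group("api"),
        "module": m.group("module"),
        "args": args,
        "ref": int(m.group("ref"), 16),
    }


def decode_message(arg):
    """Map a uMsg argument to its name; None for '?' (unresolved by the sandbox) or unknown values."""
    if not HEX.fullmatch(arg):
        return None
    return MESSAGE_NAMES.get(int(arg, 16))


def annotate(lines):
    """Parse every API line and attach the decoded message name for SendMessageW calls."""
    records = []
    for line in lines:
        rec = parse_api_line(line)
        if rec is None:
            continue
        rec["msg"] = None
        if rec["api"] == "SendMessageW" and len(rec["args"]) >= 2:
            rec["msg"] = decode_message(rec["args"][1])
        records.append(rec)
    return records


def control_families(records):
    """Which message families (TVM, LVM, TCM, PBM, ...) a function drives."""
    return {r["msg"].split("_")[0] for r in records if r["msg"]}


# Constructed input: lines copied from the listings on this page.
SAMPLE_LINES = [
    "• SendMessageW.USER32(?,00001111,00000000,?), ref: 00179AEB",
    "• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00179B3B",
    "• SendMessageW.USER32 ref: 00179AAE",
    "• SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 001748F3",
    "• SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 001749AE",
    "• SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00174A56",
    "• GetWindowLongW.USER32(?,000000F0), ref: 00174B94",
    "• ShowWindow.USER32(00000000,00000009), ref: 0013F48A",
    "• Part of subcall function 000F9944: GetWindowLongW.USER32(?,000000EB), ref: 000F9952",
    "Strings",
]

if __name__ == "__main__":
    recs = annotate(SAMPLE_LINES)
    for r in recs:
        print(f"{r['ref']:08X} {r['api']:<16} {r['msg'] or '-'}")
    print("families:", sorted(control_families(recs)))
```

Feed it the "APIs" bullets of one function block at a time and the family set tells you at a glance whether the function is the tree-view handler, the tab/list reader, or something else; arguments the sandbox could not resolve statically appear as "?" and stay None rather than being guessed.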
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 000FF998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0013F474
• IsIconic.USER32(00000000), ref: 0013F47D
• ShowWindow.USER32(00000000,00000009), ref: 0013F48A
• SetForegroundWindow.USER32(00000000), ref: 0013F494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0013F4AA
                                                                                                                                                                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0013F4B1
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0013F4BD
                                                                                                                                                                                                                                                                                                                                                                              • AttachThreadInput.USER32(?,00000000,00000001), ref: 0013F4CE
                                                                                                                                                                                                                                                                                                                                                                              • AttachThreadInput.USER32(?,00000000,00000001), ref: 0013F4D6
                                                                                                                                                                                                                                                                                                                                                                              • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0013F4DE
                                                                                                                                                                                                                                                                                                                                                                              • SetForegroundWindow.USER32(00000000), ref: 0013F4E1
                                                                                                                                                                                                                                                                                                                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 0013F4F6
                                                                                                                                                                                                                                                                                                                                                                              • keybd_event.USER32(00000012,00000000), ref: 0013F501
                                                                                                                                                                                                                                                                                                                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 0013F50B
                                                                                                                                                                                                                                                                                                                                                                              • keybd_event.USER32(00000012,00000000), ref: 0013F510
                                                                                                                                                                                                                                                                                                                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 0013F519
                                                                                                                                                                                                                                                                                                                                                                              • keybd_event.USER32(00000012,00000000), ref: 0013F51E
                                                                                                                                                                                                                                                                                                                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 0013F528
                                                                                                                                                                                                                                                                                                                                                                              • keybd_event.USER32(00000012,00000000), ref: 0013F52D
                                                                                                                                                                                                                                                                                                                                                                              • SetForegroundWindow.USER32(00000000), ref: 0013F530
                                                                                                                                                                                                                                                                                                                                                                              • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0013F557
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4125248594-2988720461
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e17466215dc916c9c8e62d444e02f3fd76a3515793eff1e3ea1ed551fc7879d8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: ffd468cce9b8557516ccd6b325a060b8006b9e009f33e8aea7ee2e9d5acac2a6
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e17466215dc916c9c8e62d444e02f3fd76a3515793eff1e3ea1ed551fc7879d8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 95313071B40218BBEB206BB55C4AFBF7E7CEB44B50F104069FA05EA1D1D7B15D81AEA0
APIs
  • Part of subcall function 001416C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0014170D
  • Part of subcall function 001416C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0014173A
  • Part of subcall function 001416C3: GetLastError.KERNEL32 ref: 0014174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00141286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 001412A8
• CloseHandle.KERNEL32(?), ref: 001412B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 001412D1
• GetProcessWindowStation.USER32 ref: 001412EA
• SetProcessWindowStation.USER32(00000000), ref: 001412F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00141310
  • Part of subcall function 001410BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,001411FC), ref: 001410D4
  • Part of subcall function 001410BF: CloseHandle.KERNEL32(?,?,001411FC), ref: 001410E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0
• API String ID: 22674027-1027155976
• Opcode ID: fae51541b0dc9d45a8b4181853c855404b40d094a8ace15b1bcb2e122dfd6b2e
• Instruction ID: 87ea4d886ab63bbc70e5b5d15210d62107e7d65af7e2100777bde6cbe9b99a80
• Opcode Fuzzy Hash: fae51541b0dc9d45a8b4181853c855404b40d094a8ace15b1bcb2e122dfd6b2e
• Instruction Fuzzy Hash: 12817971900209BBDF219FA4DC49FEE7BB9EF08704F184129FA15A62A0D7759AC4CB60
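The two API lists above are worth reading as call chains rather than as isolated imports. The first one locates the taskbar (FindWindowW "Shell_TrayWnd"), restores it if minimized (ShowWindow with SW_RESTORE = 9), attaches the caller's input queue to the target window's thread (AttachThreadInput with fAttach = TRUE), taps the Alt key (MapVirtualKeyW/keybd_event with virtual key 0x12 = VK_MENU), calls SetForegroundWindow and detaches again: this is the standard way to get around the foreground-lock that normally stops a background process from stealing focus, so the process can put its own window, or one it spawns, in front of the user. The second one obtains a token for supplied credentials (LogonUserW), turns it into a primary token (DuplicateTokenEx with TokenType = 1), then opens winsta0 with READ_CONTROL|WRITE_DAC (0x60000) and the "default" desktop with READ_CONTROL|WRITE_DAC|DESKTOP_READOBJECTS|DESKTOP_WRITEOBJECTS (0x60081); the GetUserObjectSecurity (DACL_SECURITY_INFORMATION = 4) / GetSecurityDescriptorDacl / GetAclInformation (AclSizeInformation = 2) calls in the next function are the usual prelude to adding an ACE for the logged-on user to that desktop's DACL before running something under that token. Since the sample is flagged as a compiled AutoIt script, these are plausibly interpreter library routines (the kind of helper an automation runtime needs for "activate window" and "run as user" operations) rather than script logic; the listing alone does not settle that, so treat the attribution as an assumption. The following triage helper is an added example and is not Joe Sandbox or sample code: it parses the report's "APIs" bullet format, matches the two chains as in-order call subsequences with argument checks, and decodes the access masks. The rule names are mine and SAMPLE is an excerpt copied from the two lists above.

```python
"""Triage helper for Joe Sandbox "APIs" listings (added example, not Joe Sandbox or sample code)."""
import re
from dataclasses import dataclass
from typing import Optional

# One bullet of an APIs list, with or without an argument list, e.g.
#   • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0013F474
#   • GetCurrentThreadId.KERNEL32 ref: 0013F4B1
#   • Part of subcall function 001416C3: LookupPrivilegeValueW.ADVAPI32(...), ref: 0014170D
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

@dataclass
class Call:
    api: str
    module: str
    args: list              # raw argument tokens as printed ("?" = unresolved by the plugin)
    ref: int                # call-site address
    subcall: Optional[str]  # address of the subroutine the call belongs to, if any

def parse_apis(text: str) -> list:
    """Parse every API bullet in `text`; headers and non-API bullets are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            calls.append(Call(m["api"], m["mod"], args, int(m["ref"], 16), m["sub"]))
    return calls

VK_MENU = "00000012"  # virtual-key code of Alt, the key the first chain taps

# Rule = ordered (api, optional predicate on the argument list) steps, matched as an
# in-order subsequence of the function's calls, so unrelated calls in between are fine.
RULES = {
    "foreground-forcing: AttachThreadInput + synthetic Alt + SetForegroundWindow": [
        ("GetWindowThreadProcessId", None),
        ("AttachThreadInput", lambda a: bool(a) and a[-1] == "00000001"),  # fAttach = TRUE
        ("keybd_event", lambda a: bool(a) and a[0] == VK_MENU),
        ("SetForegroundWindow", None),
        ("AttachThreadInput", lambda a: bool(a) and a[-1] == "00000000"),  # detach again
    ],
    "RunAs-style: LogonUserW token attached to interactive winsta0/default": [
        ("LogonUserW", None),
        ("DuplicateTokenEx", lambda a: len(a) > 4 and a[4] == "00000001"),  # TokenPrimary
        ("OpenWindowStationW", lambda a: bool(a) and a[0].lower() == "winsta0"),
        ("SetProcessWindowStation", None),
        ("OpenDesktopW", lambda a: bool(a) and a[0].lower() == "default"),
    ],
}

def match_chain(calls: list, steps: list) -> Optional[list]:
    """Return the call-site addresses (8-digit hex) of the first in-order match, else None."""
    hits, i = [], 0
    for c in calls:
        api, pred = steps[i]
        if c.api == api and (pred is None or pred(c.args)):
            hits.append(f"{c.ref:08X}")
            i += 1
            if i == len(steps):
                return hits
    return None

def triage(text: str) -> dict:
    """Map each matching rule name to the addresses that matched it."""
    calls, found = parse_apis(text), {}
    for name, steps in RULES.items():
        hits = match_chain(calls, steps)
        if hits:
            found[name] = hits
    return found

# Access-mask bits used by the second chain (winuser.h / winnt.h values).
GENERIC = {0x10000: "DELETE", 0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER"}
DESKTOP = {0x1: "DESKTOP_READOBJECTS", 0x2: "DESKTOP_CREATEWINDOW", 0x80: "DESKTOP_WRITEOBJECTS",
           0x100: "DESKTOP_SWITCHDESKTOP"}
WINSTA = {0x1: "WINSTA_ENUMDESKTOPS", 0x8: "WINSTA_CREATEDESKTOP", 0x100: "WINSTA_ENUMERATE"}

def decode_access(mask: int, specific: dict) -> list:
    """Name the set bits of an access mask; bits outside the table are kept as hex."""
    table = {**GENERIC, **specific}
    names = [name for bit, name in sorted(table.items()) if mask & bit]
    unknown = mask & ~sum(table)
    return names + ([f"0x{unknown:X}"] if unknown else [])

def decode_open_calls(text: str) -> dict:
    """Decode the desired-access argument (the last one) of OpenWindowStationW/OpenDesktopW calls."""
    kinds = {"OpenWindowStationW": WINSTA, "OpenDesktopW": DESKTOP}
    return {f"{c.ref:08X}": decode_access(int(c.args[-1], 16), kinds[c.api])
            for c in parse_apis(text) if c.api in kinds and c.args}

# Excerpt of the two API lists from the report above (lines copied verbatim, repeats dropped).
SAMPLE = """\
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0013F474
• ShowWindow.USER32(00000000,00000009), ref: 0013F48A
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0013F4AA
• GetCurrentThreadId.KERNEL32 ref: 0013F4B1
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0013F4CE
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0013F4DE
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0013F4F6
• keybd_event.USER32(00000012,00000000), ref: 0013F501
• SetForegroundWindow.USER32(00000000), ref: 0013F530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 0013F557
  • Part of subcall function 001416C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0014170D
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00141286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 001412A8
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 001412D1
• SetProcessWindowStation.USER32(00000000), ref: 001412F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00141310
"""

if __name__ == "__main__":
    for rule, refs in triage(SAMPLE).items():
        print(rule, "->", ", ".join(refs))
    print(decode_open_calls(SAMPLE))
```

Both rules key on arguments the plugin resolved (the fAttach flag, the VK_MENU code, the TokenPrimary type, the winsta0/default names), not only on API names, which keeps ordinary GUI code that merely calls AttachThreadInput or LogonUserW from matching. Arguments shown as "?" were not resolved statically, so a rule that needed one of those would have to be checked against the dynamic API trace instead.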
APIs
  • Part of subcall function 001410F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00141114
  • Part of subcall function 001410F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00140B9B,?,?,?), ref: 00141120
  • Part of subcall function 001410F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00140B9B,?,?,?), ref: 0014112F
  • Part of subcall function 001410F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00140B9B,?,?,?), ref: 00141136
  • Part of subcall function 001410F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0014114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00140BCC
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00140C00
• GetLengthSid.ADVAPI32(?), ref: 00140C17
                                                                                                                                                                                                                                                                                                                                                                              • GetAce.ADVAPI32(?,00000000,?), ref: 00140C51
                                                                                                                                                                                                                                                                                                                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00140C6D
                                                                                                                                                                                                                                                                                                                                                                              • GetLengthSid.ADVAPI32(?), ref: 00140C84
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00140C8C
                                                                                                                                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00140C93
                                                                                                                                                                                                                                                                                                                                                                              • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00140CB4
                                                                                                                                                                                                                                                                                                                                                                              • CopySid.ADVAPI32(00000000), ref: 00140CBB
                                                                                                                                                                                                                                                                                                                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00140CEA
                                                                                                                                                                                                                                                                                                                                                                              • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00140D0C
                                                                                                                                                                                                                                                                                                                                                                              • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00140D1E
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00140D45
                                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00140D4C
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00140D55
                                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00140D5C
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00140D65
                                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00140D6C
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00140D78
                                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00140D7F
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00141193: GetProcessHeap.KERNEL32(00000008,00140BB1,?,00000000,?,00140BB1,?), ref: 001411A1
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00141193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00140BB1,?), ref: 001411A8
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00141193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00140BB1,?), ref: 001411B7
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 520e6ad2f0a8d47d3edd3b4f077633a72b23bd0c7bcb7bc7684e94766a02e54e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: fdafa3ed0508185c93aeb6f7111c19ffa1c4be41e0499d8c7e25486f317da881
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 520e6ad2f0a8d47d3edd3b4f077633a72b23bd0c7bcb7bc7684e94766a02e54e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97716075900209EBDF11DFE5DC44FAEBBB8BF08310F144529FA18A7161D771AA85CBA0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • OpenClipboard.USER32(0017CC08), ref: 0015EB29
                                                                                                                                                                                                                                                                                                                                                                              • IsClipboardFormatAvailable.USER32(0000000D), ref: 0015EB37
                                                                                                                                                                                                                                                                                                                                                                              • GetClipboardData.USER32(0000000D), ref: 0015EB43
                                                                                                                                                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 0015EB4F
                                                                                                                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0015EB87
                                                                                                                                                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 0015EB91
                                                                                                                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0015EBBC
                                                                                                                                                                                                                                                                                                                                                                              • IsClipboardFormatAvailable.USER32(00000001), ref: 0015EBC9
                                                                                                                                                                                                                                                                                                                                                                              • GetClipboardData.USER32(00000001), ref: 0015EBD1
                                                                                                                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0015EBE2
                                                                                                                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0015EC22
                                                                                                                                                                                                                                                                                                                                                                              • IsClipboardFormatAvailable.USER32(0000000F), ref: 0015EC38
                                                                                                                                                                                                                                                                                                                                                                              • GetClipboardData.USER32(0000000F), ref: 0015EC44
                                                                                                                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0015EC55
                                                                                                                                                                                                                                                                                                                                                                              • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0015EC77
                                                                                                                                                                                                                                                                                                                                                                              • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0015EC94
                                                                                                                                                                                                                                                                                                                                                                              • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0015ECD2
                                                                                                                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0015ECF3
                                                                                                                                                                                                                                                                                                                                                                              • CountClipboardFormats.USER32 ref: 0015ED14
                                                                                                                                                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 0015ED59
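The API sequence above checks the clipboard for CF_UNICODETEXT (0xD), CF_TEXT (0x1) and CF_HDROP (0xF) in turn, and for CF_HDROP uses DragQueryFileW once with index 0xFFFFFFFF to count the dropped file names and then once per name with a MAX_PATH (0x104) buffer. The following is an added example, not code from the sample or from Joe Sandbox: a portable reconstruction of that CF_HDROP walk over the DROPFILES layout documented in shellapi.h (pFiles, pt, fNC, fWide header followed by a double-NUL-terminated name list), so that an analyst can see exactly what such a routine lifts from a clipboard block. No Windows APIs are used, the file names are constructed test data, and the names hdrop_count, hdrop_get and sample_block are this example's own.

```c
/* Added example: portable parser for a CF_HDROP (DROPFILES) clipboard block.
 * Mirrors the two DragQueryFileW call shapes seen in the listing. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define DROPFILES_HDR_SIZE 20u   /* pFiles(4) + pt(8) + fNC(4) + fWide(4), per shellapi.h */

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Code-unit width of the name list (2 = UTF-16LE when fWide != 0, 1 = ANSI) and its offset.
 * Returns 0 when the header is truncated or pFiles points outside the block. */
static size_t hdrop_width(const uint8_t *blk, size_t len, size_t *list_off) {
    if (len < DROPFILES_HDR_SIZE) return 0;
    uint32_t pFiles = rd32(blk);
    if (pFiles < DROPFILES_HDR_SIZE || pFiles >= len) return 0;
    *list_off = pFiles;
    return rd32(blk + 16) ? 2 : 1;
}

/* Length in code units of the NUL-terminated name at off, or (size_t)-1 if it runs off the block. */
static size_t name_len(const uint8_t *blk, size_t len, size_t off, size_t w) {
    size_t n = 0;
    while (off + w <= len) {
        int nul = (w == 2) ? (blk[off] == 0 && blk[off + 1] == 0) : (blk[off] == 0);
        if (nul) return n;
        off += w; n++;
    }
    return (size_t)-1;
}

/* Equivalent of DragQueryFileW(h, 0xFFFFFFFF, NULL, 0): number of names in the block. */
size_t hdrop_count(const uint8_t *blk, size_t len) {
    size_t off = 0, count = 0, w = hdrop_width(blk, len, &off);
    if (!w) return 0;
    for (;;) {
        size_t n = name_len(blk, len, off, w);
        if (n == (size_t)-1 || n == 0) return count;   /* empty name = list terminator */
        count++;
        off += (n + 1) * w;
    }
}

/* Equivalent of DragQueryFileW(h, idx, out, cap): copies name idx as a C string, narrowing
 * UTF-16LE to the low byte (sufficient for ASCII paths). Returns the name length, or -1. */
int hdrop_get(const uint8_t *blk, size_t len, size_t idx, char *out, size_t cap) {
    size_t off = 0, w = hdrop_width(blk, len, &off);
    if (!w || cap == 0) return -1;
    for (size_t i = 0; ; i++) {
        size_t n = name_len(blk, len, off, w);
        if (n == (size_t)-1 || n == 0) return -1;      /* idx beyond the list, or malformed */
        if (i == idx) {
            if (n + 1 > cap) n = cap - 1;               /* truncate, as DragQueryFileW does */
            for (size_t k = 0; k < n; k++) out[k] = (char)blk[off + k * w];
            out[n] = '\0';
            return (int)n;
        }
        off += (n + 1) * w;
    }
}

/* Constructed test data (not taken from the sample): builds a wide DROPFILES block
 * from ASCII names. Returns bytes written, or 0 if cap is too small. */
size_t build_hdrop_wide(const char **names, size_t n, uint8_t *out, size_t cap) {
    size_t need = DROPFILES_HDR_SIZE + 2;              /* +2: wide NUL that ends the list */
    for (size_t i = 0; i < n; i++) need += (strlen(names[i]) + 1) * 2;
    if (cap < need) return 0;
    memset(out, 0, need);
    out[0] = DROPFILES_HDR_SIZE;                        /* pFiles = 20 (little-endian) */
    out[16] = 1;                                        /* fWide = 1 */
    size_t off = DROPFILES_HDR_SIZE;
    for (size_t i = 0; i < n; i++) {
        for (const char *p = names[i]; *p; p++) { out[off] = (uint8_t)*p; off += 2; }
        off += 2;                                       /* per-name wide NUL */
    }
    return need;
}

/* The sample block used by main() and by the checks below. */
size_t sample_block(uint8_t *out, size_t cap) {
    const char *names[] = { "C:\\Users\\victim\\wallet.dat", "C:\\notes.txt" };
    return build_hdrop_wide(names, 2, out, cap);
}

int main(void) {
    uint8_t blk[256];
    char buf[260];                                      /* MAX_PATH, as in the listing's 0x104 */
    size_t len = sample_block(blk, sizeof blk);
    printf("%zu file(s) in CF_HDROP block\n", hdrop_count(blk, len));
    for (size_t i = 0; hdrop_get(blk, len, i, buf, sizeof buf) >= 0; i++)
        printf("  [%zu] %s\n", i, buf);
    return 0;
}
```

The bounds checks matter when reproducing this on real clipboard data: a DROPFILES block obtained through GlobalLock should be sized with GlobalSize, and a name list that is not double-NUL terminated is treated here as empty rather than read past the end of the allocation.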
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
• Opcode ID: 1a58810dbee7090fdf74dae894697924657a5e6551ad99b0beabf09141fdf016
• Instruction ID: 933939f9ad4451e1e76c560dcaa52aaa0b1e6b669eb440d6f46532154061ca78
• Opcode Fuzzy Hash: 1a58810dbee7090fdf74dae894697924657a5e6551ad99b0beabf09141fdf016
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4261D234604201DFD318EF64D888F6A77F4AF84715F14455DF86A9B2A2CB31DE89CBA2
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 001569BE
• FindClose.KERNEL32(00000000), ref: 00156A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00156A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00156A75
  • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00156AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00156ADF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
• String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
• API String ID: 3830820486-3289030164
• Opcode ID: 3762f1e9a650d4f24b5e8fd83a3c4f55d8be6ba6445eafe2e8adea8133535368
• Instruction ID: 3d8a10aed412e10eb8cc9588382054700b9cbd071cbe5a8b78ea7da03c2eb860
• Opcode Fuzzy Hash: 3762f1e9a650d4f24b5e8fd83a3c4f55d8be6ba6445eafe2e8adea8133535368
• Instruction Fuzzy Hash: E8D173715083409EC314EB65C881EAFB7ECAF88704F44491DF999D7152EB34DA48C7A2
APIs
• FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 00159663
• GetFileAttributesW.KERNEL32(?), ref: 001596A1
• SetFileAttributesW.KERNEL32(?,?), ref: 001596BB
• FindNextFileW.KERNEL32(00000000,?), ref: 001596D3
• FindClose.KERNEL32(00000000), ref: 001596DE
• FindFirstFileW.KERNEL32(*.*,?), ref: 001596FA
• SetCurrentDirectoryW.KERNEL32(?), ref: 0015974A
• SetCurrentDirectoryW.KERNEL32(001A6B7C), ref: 00159768
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00159772
• FindClose.KERNEL32(00000000), ref: 0015977F
• FindClose.KERNEL32(00000000), ref: 0015978F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
• Opcode ID: a8fa11b7a22afacff2d196fbf529f57a8fa51a1ff794c169000584f911b01118
• Instruction ID: f4e0083da995c66b74711c757122da87cea38fc89fa9e5aedf8b9e5e3c77b0a7
• Opcode Fuzzy Hash: a8fa11b7a22afacff2d196fbf529f57a8fa51a1ff794c169000584f911b01118
• Instruction Fuzzy Hash: 3831F536501209EEDB14AFB4DC08ADE77BCAF09321F14405AF828E6091DB34DEC88EA1
APIs
• FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 001597BE
• FindNextFileW.KERNEL32(00000000,?), ref: 00159819
• FindClose.KERNEL32(00000000), ref: 00159824
• FindFirstFileW.KERNEL32(*.*,?), ref: 00159840
• SetCurrentDirectoryW.KERNEL32(?), ref: 00159890
• SetCurrentDirectoryW.KERNEL32(001A6B7C), ref: 001598AE
• FindNextFileW.KERNEL32(00000000,00000010), ref: 001598B8
• FindClose.KERNEL32(00000000), ref: 001598C5
• FindClose.KERNEL32(00000000), ref: 001598D5
  • Part of subcall function 0014DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0014DB00
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                                                                                              • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0f97985aaa97bed6210bf4c46f8654079490311320629b67aff107a1e5accaff
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 28d3c6ae303d8d663d0d52e2b94d3054b6d5d252b063782b957359245c2d8eea
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f97985aaa97bed6210bf4c46f8654079490311320629b67aff107a1e5accaff
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1031C33150121DEADF10AFB4EC48ADE77BDAF06321F148159E864A61D1DB70DA888F61
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0016C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0016B6AE,?,?), ref: 0016C9B5
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0016C998: _wcslen.LIBCMT ref: 0016C9F1
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0016C998: _wcslen.LIBCMT ref: 0016CA68
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0016C998: _wcslen.LIBCMT ref: 0016CA9E
                                                                                                                                                                                                                                                                                                                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0016BF3E
                                                                                                                                                                                                                                                                                                                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 0016BFA9
                                                                                                                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0016BFCD
                                                                                                                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0016C02C
                                                                                                                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0016C0E7
                                                                                                                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0016C154
                                                                                                                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0016C1E9
                                                                                                                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 0016C23A
                                                                                                                                                                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 0016C2E3
                                                                                                                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0016C382
                                                                                                                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0016C38F
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3102970594-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 87e2414fc767de0806a1f1433fb984a775eac2baa6ca4af90bb325c8b3f18602
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c5c744a39be2ba100c58dfabb223356502e939cdcc0e1deb79e8074e5b0a3a92
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 87e2414fc767de0806a1f1433fb984a775eac2baa6ca4af90bb325c8b3f18602
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 28025C716042409FD714CF28C895E2ABBE5FF89304F18849DF88ADB2A2DB31ED55CB91
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,000E3A97,?,?,000E2E7F,?,?,?,00000000), ref: 000E3AC2
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014E199: GetFileAttributesW.KERNEL32(?,0014CF95), ref: 0014E19A
                                                                                                                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 0014D122
                                                                                                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0014D1DD
                                                                                                                                                                                                                                                                                                                                                                              • MoveFileW.KERNEL32(?,?), ref: 0014D1F0
                                                                                                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,?), ref: 0014D20D
                                                                                                                                                                                                                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 0014D237
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0014D21C,?,?), ref: 0014D2B2
                                                                                                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000,?,?,?), ref: 0014D253
                                                                                                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0014D264
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
• Opcode ID: c42bf0cf3e231a1cd7b6760aec4f04a2293fc92fc4daec297d81d112e173c3e3
• Instruction ID: ba9680b8d7bd2592a054c34ca3c03e7e260a18f66abef2787d91f8da450a73fb
• Opcode Fuzzy Hash: c42bf0cf3e231a1cd7b6760aec4f04a2293fc92fc4daec297d81d112e173c3e3
• Instruction Fuzzy Hash: B061793180114DAECF15EBA1EA92DEDBBB5AF55300F644069E406771A2EF30AF49CB60
APIs
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: d1faa9bdd36990ac1d00b797dac3509aa404c702702ee1642acb866b1d77bf14
• Instruction ID: 40f4d8b6c993221e30e2b4015bb55a3007017ac9bc26230260dbeb240e56416a
• Opcode Fuzzy Hash: d1faa9bdd36990ac1d00b797dac3509aa404c702702ee1642acb866b1d77bf14
• Instruction Fuzzy Hash: 04419B31604611EFE724DF15D889B19BBF1EF44329F14809DE8298FAA2C771ED86CB90
APIs
  • Part of subcall function 001416C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0014170D
  • Part of subcall function 001416C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0014173A
  • Part of subcall function 001416C3: GetLastError.KERNEL32 ref: 0014174A
• ExitWindowsEx.USER32(?,00000000), ref: 0014E932
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
• Opcode ID: 7fce46e6820be3a3a2e6d02bf7c21e5760f101f7ea9317578744461f9c05f1f8
• Instruction ID: 10402e17ab9fbbffcadb9c3e37c66debe0770f363cf151d63bba47f25726d4d7
• Opcode Fuzzy Hash: 7fce46e6820be3a3a2e6d02bf7c21e5760f101f7ea9317578744461f9c05f1f8
• Instruction Fuzzy Hash: 1C01D673610211BBEB6426B8DC86BBF72ECB714758F160825F806E21F2D7A15C8086D0
APIs
• socket.WSOCK32(00000002,00000001,00000006), ref: 00161276
• WSAGetLastError.WSOCK32 ref: 00161283
• bind.WSOCK32(00000000,?,00000010), ref: 001612BA
• WSAGetLastError.WSOCK32 ref: 001612C5
• closesocket.WSOCK32(00000000), ref: 001612F4
• listen.WSOCK32(00000000,00000005), ref: 00161303
• WSAGetLastError.WSOCK32 ref: 0016130D
• closesocket.WSOCK32(00000000), ref: 0016133C
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ErrorLast$closesocket$bindlistensocket
• String ID:
• API String ID: 540024437-0
• Opcode ID: 5267fa7415b22b81db95271a22965bc07827cad91fe1e8945b505eb2f0792845
• Instruction ID: 68fb84fada0602708612f6d587c67ce94447a2312fbea0764bcfc0defc2877dc
• Opcode Fuzzy Hash: 5267fa7415b22b81db95271a22965bc07827cad91fe1e8945b505eb2f0792845
• Instruction Fuzzy Hash: 39416031600140AFD714DF64C894B6ABBE6BF46318F2C819CE85A9F296C771ED81CBE1
APIs
• _free.LIBCMT ref: 0011B9D4
• _free.LIBCMT ref: 0011B9F8
• _free.LIBCMT ref: 0011BB7F
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00183700), ref: 0011BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,001B121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0011BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,001B1270,000000FF,?,0000003F,00000000,?), ref: 0011BC36
• _free.LIBCMT ref: 0011BD4B
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 314583886-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 67000ac8989754d3cb2c1098693e01c583e3fabdef11580253fccc84eff91d32
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f007b4742eb55611463e7a29a990b1bb6f62c384dc2ae751dc58ed645754f4f9
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67000ac8989754d3cb2c1098693e01c583e3fabdef11580253fccc84eff91d32
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B0C1F671908209AFCB2C9F69D8D1BEA7BB9EF55310F2441BAE494D7291E7309EC1C790
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,000E3A97,?,?,000E2E7F,?,?,?,00000000), ref: 000E3AC2
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014E199: GetFileAttributesW.KERNEL32(?,0014CF95), ref: 0014E19A
                                                                                                                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 0014D420
                                                                                                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,?), ref: 0014D470
                                                                                                                                                                                                                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 0014D481
                                                                                                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0014D498
                                                                                                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0014D4A1
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                                                                                                              • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 46bc29d61095fe1582df6c61ac6413117ea6b84275c97681c00e7f4b512a1d1c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a8dfbf0061a108c48b16b6cc22d8cf51bc43e9db379fc19a87da169bfa644b3f
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 46bc29d61095fe1582df6c61ac6413117ea6b84275c97681c00e7f4b512a1d1c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 113170710083819FC704EF65D8558EFB7A8BF96314F844A1DF4D5631A2EB20AA49C763
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2186690f00621c7ddee5dbb37690a1bb252e71baa0446fab25bf1ce7486fd2c2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3ea46f96564e637c9f96ecca9b0add48fb01489a29fceab4cc99faaa8181a716
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2186690f00621c7ddee5dbb37690a1bb252e71baa0446fab25bf1ce7486fd2c2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AAC22B71E086298FDB69CE689D447E9B7B5EB48304F1541FAD84DE7280E774AEC28F40
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 001564DC
                                                                                                                                                                                                                                                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 00156639
• CoCreateInstance.OLE32(0017FCF8,00000000,00000001,0017FB68,?), ref: 00156650
• CoUninitialize.OLE32 ref: 001568D4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
• Opcode ID: 477b692c760e1d1d87bf8dfdb5d93404edf59e963e54229cc2d379d7e4b4c721
• Instruction ID: d488510c12cda7f8804f6458b0d04d93b29efd26cd3ce521803e817b01cb3933
• Opcode Fuzzy Hash: 477b692c760e1d1d87bf8dfdb5d93404edf59e963e54229cc2d379d7e4b4c721
• Instruction Fuzzy Hash: ACD158715082419FC314EF24C8819ABB7E8FF94304F50496DF5959B2A2EB71EE4ACB92
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 001622E8
  • Part of subcall function 0015E4EC: GetWindowRect.USER32(?,?), ref: 0015E504
• GetDesktopWindow.USER32 ref: 00162312
• GetWindowRect.USER32(00000000), ref: 00162319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00162355
• GetCursorPos.USER32(?), ref: 00162381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 001623DF
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
• Opcode ID: 9d3add9611e90a82e2b9e8cdff953315ac232d27750653c7559c1bd7d5eee5f8
• Instruction ID: f1264f6d746be0e7afefb8adf913891cb09310144bf92d9f8e067cbcf2088abb
• Opcode Fuzzy Hash: 9d3add9611e90a82e2b9e8cdff953315ac232d27750653c7559c1bd7d5eee5f8
• Instruction Fuzzy Hash: B031BC72505715ABC720DF54CC49AABBBA9FB88314F000A1DF98997291DB34EA58CBD2
APIs
  • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00159B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00159C8B
  • Part of subcall function 00153874: GetInputState.USER32 ref: 001538CB
  • Part of subcall function 00153874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00153966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00159BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00159C75
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
• String ID: *.*
• API String ID: 1972594611-438819550
• Opcode ID: d3f0f909f81413111efdfbc51bce9a35695a13560118be64c8be185d797d66c6
• Instruction ID: 3d6a954a8a18d499f19901ff30b99e8db8635bfdeaaa9c469c541fcb8e313b07
• Opcode Fuzzy Hash: d3f0f909f81413111efdfbc51bce9a35695a13560118be64c8be185d797d66c6
• Instruction Fuzzy Hash: FB415F7190420ADFDF14DF64C989AEEBBB8EF05311F244159E819B7191EB309E88CFA1
APIs
  • Part of subcall function 000F9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 000F9BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 000F9A4E
• GetSysColor.USER32(0000000F), ref: 000F9B23
• SetBkColor.GDI32(?,00000000), ref: 000F9B36
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Color$LongProcWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3131106179-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d6a4bbe7ddf55ac3ea5471907d2afd57e5cade05ad01493a34a3585dcf70c845
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 32c234d07f22396fb86508d4ccf085b45c2475bc134daa433317dd54a33604cb
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6a4bbe7ddf55ac3ea5471907d2afd57e5cade05ad01493a34a3585dcf70c845
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D3A1FBB0108448BEE739AA3D8C9DF7F369DEB82340F15420AF612D6DD1CB259D45E2B2
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0016304E: inet_addr.WSOCK32(?), ref: 0016307A
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0016304E: _wcslen.LIBCMT ref: 0016309B
                                                                                                                                                                                                                                                                                                                                                                              • socket.WSOCK32(00000002,00000002,00000011), ref: 0016185D
                                                                                                                                                                                                                                                                                                                                                                              • WSAGetLastError.WSOCK32 ref: 00161884
                                                                                                                                                                                                                                                                                                                                                                              • bind.WSOCK32(00000000,?,00000010), ref: 001618DB
                                                                                                                                                                                                                                                                                                                                                                              • WSAGetLastError.WSOCK32 ref: 001618E6
                                                                                                                                                                                                                                                                                                                                                                              • closesocket.WSOCK32(00000000), ref: 00161915
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0e4fa66bf06d1d3fd7f96f880f45d0927ca7ddef3325fba4f6f8bc6beca34069
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 125e658ac557d86fe3c0df6ac217fedacae3e82b6aaeda8d8692b42c39a45e80
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0e4fa66bf06d1d3fd7f96f880f45d0927ca7ddef3325fba4f6f8bc6beca34069
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1951A371A00210AFEB10AF24D886F6A77E5AB44718F58845CF91AAF3D3D771AD41CBE1
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: fb48c22b264fa1a2b8afaa6b47d4227974ca933279f033c060b794e95863a3de
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c53fa328f9d91f067cd054d033afb18f99071e5f1aead8d7cd4f04849c95f119
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fb48c22b264fa1a2b8afaa6b47d4227974ca933279f033c060b794e95863a3de
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 522191317402516FD7218F5ED884B6A7BB5AF95325B19C06CE84E8B352CB71DC82CB90
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
• String ID: ERCP$VUUU$VUUU$VUUU$VUUU
• API String ID: 0-1546025612
• Opcode ID: 81059bde0196c53f27c7d0381dce95b07566ea14f013fee45936587ba72a8249
• Instruction ID: 442d69def1180b4f88cb98d55f56cae3a7388feeb57d9ef49e7433412fe2bcc4
• Opcode Fuzzy Hash: 81059bde0196c53f27c7d0381dce95b07566ea14f013fee45936587ba72a8249
• Instruction Fuzzy Hash: A6A28F71A0066ACFDF34CF59D8807ADB7B2BF54310F2481AAE859B7285EB309D91CB50
APIs
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0014AAAC
• SetKeyboardState.USER32(00000080), ref: 0014AAC8
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0014AB36
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0014AB88
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: 411c228790ac5625a5a78569c4ca2e6f21632a750ab82bdeb989d98c85107437
• Instruction ID: 189376d46ef07e2f07615d4d437d025f2e9faefcdec88e6fe0b128fa2b14d93b
• Opcode Fuzzy Hash: 411c228790ac5625a5a78569c4ca2e6f21632a750ab82bdeb989d98c85107437
• Instruction Fuzzy Hash: 35311270AC0208AEFB35CB648C05BFA7BAAEF54320F85421AF585961F0D3759981C7A2
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 0015CE89
• GetLastError.KERNEL32(?,00000000), ref: 0015CEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 0015CEFE
Similarity
• API ID: ErrorEventFileInternetLastRead
• String ID:
• API String ID: 234945975-0
• Opcode ID: 823828f0988f792049b244950640fd6cde8f765b1bbaab8e65d4e960d5d91bd8
• Instruction ID: 2ef8e7d92c75e7aa00502ea58c962afa028ee43a562d4b1577f76360a22533af
• Opcode Fuzzy Hash: 823828f0988f792049b244950640fd6cde8f765b1bbaab8e65d4e960d5d91bd8
• Instruction Fuzzy Hash: 1821BD71500305DFE720CFA5C949BA67BF8EB50315F10481EE956E6151E770EE888BA0
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 001482AA
Strings
Similarity
• API ID: lstrlen
• String ID: ($|
• API String ID: 1659193697-1631851259
• Opcode ID: 214379d72d395ef47659bf55110ca5c8a8b273defa3e6f6638e0b154e63e2106
• Instruction ID: ce142a90fd768a34703ecb8c6cd255fbecf2314a2bc4c55c891201691a73e1f8
• Opcode Fuzzy Hash: 214379d72d395ef47659bf55110ca5c8a8b273defa3e6f6638e0b154e63e2106
• Instruction Fuzzy Hash: 2F322575A006059FCB28CF59C481AAAB7F0FF48710B15C56EE59ADB7A1EB70E981CB40
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00155CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 00155D17
• FindClose.KERNEL32(?), ref: 00155D5F
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3541575487-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 647d0baad9c268475d58541c5bf2d69c7fe3d3301164b7793f269be5ad51e96b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: fb13fcde29e6bd1620b6e8a9bd5f89c7ac65720bfc1d74e478283ef4ad5f2a7a
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 647d0baad9c268475d58541c5bf2d69c7fe3d3301164b7793f269be5ad51e96b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 82519835604A01DFC714CF68C4A4E9AB7F5FF49314F14855EE9AA8B3A2CB31E948CB91
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 0011271A
                                                                                                                                                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00112724
                                                                                                                                                                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 00112731
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: c9ba1b55d0e2646bd35191bda502768e476a4cf06afc72e40386bb72f836a447
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b38d294c9db5acbd1dc7df37ae056916a229e0be9032600ff1a52915025059cd
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c9ba1b55d0e2646bd35191bda502768e476a4cf06afc72e40386bb72f836a447
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9131C4749012289BCB25DF68DC887D9B7B8BF18310F5041EAE80CA72A1EB709FC18F45
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001), ref: 001551DA
                                                                                                                                                                                                                                                                                                                                                                              • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00155238
                                                                                                                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000000), ref: 001552A1
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1682464887-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 357a84dbe8c27b0fa73b5bab63a749968ce91337acc184fa6835d399cbb2fa7b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b05b516955d8f9dc1e520486880f1d2d857597450391f84c515b15023ea66b12
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 357a84dbe8c27b0fa73b5bab63a749968ce91337acc184fa6835d399cbb2fa7b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BD314C75A00518DFDB00DF54D894EADBBB5FF49314F4480A9E809AB362DB31E89ACB90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000FFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00100668
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000FFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00100685
                                                                                                                                                                                                                                                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0014170D
                                                                                                                                                                                                                                                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0014173A
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0014174A
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
• Opcode ID: 1c5d367f955086c78662051a7745ef60c80403cd81daa3a09310d881b939fc0b
• Instruction ID: 3ed1b1b15a023aca4636663c35460497d0c4ede37abacc6a8005a2d547f126af
• Opcode Fuzzy Hash: 1c5d367f955086c78662051a7745ef60c80403cd81daa3a09310d881b939fc0b
• Instruction Fuzzy Hash: B511BCB2400209BFE718AF54DC86DBBB7B9EF04714B20852EF05652651EB70BC818A60
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0014D608
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0014D645
• CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0014D650
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 33631002-0
• Opcode ID: 25c150f7446d7d839f403a70a0eeea80a54b72d6a831a68336d32fa4a1126ad8
• Instruction ID: 8f7d819b3719cf8fbb79650dea9c8125f12cae6a164d29b0643fc8901a65d3fb
• Opcode Fuzzy Hash: 25c150f7446d7d839f403a70a0eeea80a54b72d6a831a68336d32fa4a1126ad8
• Instruction Fuzzy Hash: 59115E75E05228BFDB108F99EC45FAFBBBCEB45B50F108165F908E7290D6704A458BE1
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0014168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 001416A1
• FreeSid.ADVAPI32(?), ref: 001416B1
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
• Opcode ID: 8c196152f28fac4fae32b8bcc47eaa944f5bc14c109c86394f76db8620225c53
• Instruction ID: f11d50bcc9fc8b1a8d5d9900ffecb7ccc54697e7a9d5b7501b1132e483ed8890
• Opcode Fuzzy Hash: 8c196152f28fac4fae32b8bcc47eaa944f5bc14c109c86394f76db8620225c53
• Instruction Fuzzy Hash: 5FF0F475950309FBDB00DFE49C89EAEBBBCFB08704F504565E501E2191E774AA848BA0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID:
• String ID: /
• API String ID: 0-2043925204
• Opcode ID: 309573e03da3d2390394f2defb3136852806bf56a76d008349649bbe08200c8d
• Instruction ID: ee6f44d1a72c912ba0a055444ace03e1e5d2c1359e30ed2b3ade90df30ba0736
• Opcode Fuzzy Hash: 309573e03da3d2390394f2defb3136852806bf56a76d008349649bbe08200c8d
• Instruction Fuzzy Hash: D1412376940219ABCB289EB9CC48EEB77B8EB84714F1042B9F915C7180E7709DC18B90
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
• Instruction ID: 862d2e205ca86793820eb84574ca5748243602723ee4d95e44dbe7954a4b94e5
• Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
• Instruction Fuzzy Hash: FB021C71E002199BDF14CFA9C9806ADFBF1EF58314F25826AE859E7380D771AA418FD4
APIs
                                                                                                                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 00156918
                                                                                                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00156961
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e795497110e9168a330999001037ea0d03450d807a6dd13bc195aeaeeb1b78f2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: e60342a3056d471a440dfd9c721e8e53c8b0b026037a0563d56a8e0ac39bee26
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e795497110e9168a330999001037ea0d03450d807a6dd13bc195aeaeeb1b78f2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9D11BE31604600DFD710CF2AD484A16BBE1FF84329F44C6A9E8698F6A2CB30EC45CBD1
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00164891,?,?,00000035,?), ref: 001537E4
                                                                                                                                                                                                                                                                                                                                                                              • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00164891,?,?,00000035,?), ref: 001537F4
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e4c24b1a9f3602859d825b1c318a2d226303b3e4dcf6905c8be1f6b77c1026b3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 61574b57a8a10a86adea7bbbb03822e5db23d3f3b9d88396c96ffbfa6f0fa60a
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e4c24b1a9f3602859d825b1c318a2d226303b3e4dcf6905c8be1f6b77c1026b3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 52F0EC706042247EE71057765C4DFDB36ADEFC4761F000165F519D3281DA605944C7F0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0014B25D
                                                                                                                                                                                                                                                                                                                                                                              • keybd_event.USER32(?,7694C0D0,?,00000000), ref: 0014B270
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3536248340-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a09e9e5733fbb8ac4809c294d8a86c727bf4010e43fba92987770b96bcaf3a13
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5f50a89fbcc7eb948df51ecb87f8e207538d3bd1e975a64420e5b92a14f55b1b
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a09e9e5733fbb8ac4809c294d8a86c727bf4010e43fba92987770b96bcaf3a13
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BCF01D7190428EABDB059FA0C805BAE7BB4FF04305F108009F955A51A1D779D6519F94
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,001411FC), ref: 001410D4
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,001411FC), ref: 001410E9
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
Strings
• Variable is not of type 'Object'., xrefs: 00130C40
Similarity
• API ID:
• String ID: Variable is not of type 'Object'.
• API String ID: 0-1840281001
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00116766,?,?,00000008,?,?,0011FEFE,00000000), ref: 00116998
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
Strings
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
APIs
• BlockInput.USER32(00000001), ref: 0015EABD
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: BlockInput
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3456056419-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 67e7a251157142d321a7746d262cfb25d52326000f4fae6c745e64f98bcedc2b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: ab154d418c9fc06f8c906300bb83262fd26b7cfe466554fbdcbf9a86143356c3
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67e7a251157142d321a7746d262cfb25d52326000f4fae6c745e64f98bcedc2b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DDE04F322002049FD714EF6AD844E9AF7EDBF98760F00842AFD5ADB351DB70E9858B90
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,001003EE), ref: 001009DA
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: same dumps as listed above
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID: (none)
• API String ID: 3192549508-0
• Opcode ID: 3702a5fa0ecfa9e7f477c00993bec5a869812eac80472b66e62902dc1237fcac
• Instruction ID: bbe78771b218d447ec4c236ddf3c8b305a58cdeaba5475c2726f498c837b12d0
• Opcode Fuzzy Hash: 3702a5fa0ecfa9e7f477c00993bec5a869812eac80472b66e62902dc1237fcac
• Instruction Fuzzy Hash: (none)
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: same dumps as listed above
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: (none)
• String ID: 0
• API String ID: 0-4108050209
• Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
• Instruction ID: 006b51a0a02365549193f238c125432dbc2ec4419a8c40827718ef6c286a9ddf
• Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
• Instruction Fuzzy Hash: 25518A71E0C7099BDF389528885DBBE6385AB52354F18850BD8C2C72C2CBD1FE41D362
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: same dumps as listed above
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: (none)
• String ID: (none)
• API String ID: (none)
• Opcode ID: dfe8232c4f16e7ccf39ac12726aada5b342568aa49914961039a786fb7c48b88
• Instruction ID: b8f9c82d3267207cf429a1c6000e7ddad57f7ecd59e4cd4a59d9c901ddb86fd4
• Opcode Fuzzy Hash: dfe8232c4f16e7ccf39ac12726aada5b342568aa49914961039a786fb7c48b88
• Instruction Fuzzy Hash: 8A32FF32D29F014DD7279634C822336A699AFB73C5F15D737E81AB5EA9EB3985C34200
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: same dumps as listed above
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: (none)
• String ID: (none)
• API String ID: (none)
• Opcode ID: 369a511c3155235023d1bcb9396b8dac8dcb58ea4fcd46f62971141fa7a4911a
• Instruction ID: 5499b5bac353db586a39cae3b4088df13ee65cdf008e7061b83d95e50b4f4959
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 369a511c3155235023d1bcb9396b8dac8dcb58ea4fcd46f62971141fa7a4911a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E9322932A0015D8BDF28CF29C595A7DBBE1EF45310F29816AD959EB691E330DD81EBC0
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4d11ed8690a06f08c5d033238097e8c1865e2845e3025bf549da554dc1d05a44
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 10c47fd5b8095ed13708ec092b772595e603d7dbe20c0324256f43327e53bbbb
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4d11ed8690a06f08c5d033238097e8c1865e2845e3025bf549da554dc1d05a44
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6822C170A0465ADFDF14CF65D881AEEB7F6FF48300F244629E816A7291EB35AD50CB50
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6233a15a67ecbf126e077319d29d1779b264d96a40e3cdc43ca4a69aa4b17a51
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 66020b2646c578ea20a491a915698e03d3d6c2cedc4d691b6abc0d644bdf133d
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6233a15a67ecbf126e077319d29d1779b264d96a40e3cdc43ca4a69aa4b17a51
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2D02B7B0E0011AEFDF14DF65D881AADB7F1FF54300F118169E916AB291EB71AE60CB91
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: c1f2d488ad9074fee4274c705c956a5c45feab972f192d3e414ce01616427585
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 96551e07b0daaa4a39d7c5a105d30fb564a148af0580b190f321e0ae76866064
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c1f2d488ad9074fee4274c705c956a5c45feab972f192d3e414ce01616427585
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6BB1CF30D2AF414DD22396398871336BA5CBFBB6D5B95D71BFC2674D22EB2286C34240
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: decabd672e093ea9c1fbd50d9b8f9b89fe760c1e5a23dabaa94cbcf21f442f84
• Instruction ID: 53fc894f59d5b66811fdd1e845d1ff96b6244a9c104a9a51e8da8ce423e20465
• Opcode Fuzzy Hash: decabd672e093ea9c1fbd50d9b8f9b89fe760c1e5a23dabaa94cbcf21f442f84
• Instruction Fuzzy Hash: BA613971F0C749A6EE38A9288995BBE3394DF55710F180919F8C2DB2C1DBD1BE42C365
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fe6111e28591557eafd5454aec638ae99204d2f3f0dfcc51200506edf72d0a96
• Instruction ID: 085603712953fdbd0af5abed022fba58d12399c691ec92b17ac51628c1688625
• Opcode Fuzzy Hash: fe6111e28591557eafd5454aec638ae99204d2f3f0dfcc51200506edf72d0a96
• Instruction Fuzzy Hash: 61618971E0C70966DE395AA89891BBF2388EF52740F10095AF9C2DB2C1EBD2FD42C355
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9e4b6a9f009772bf900f81a080d7866889bcb8304680426c062b1f7db16e4a36
• Instruction ID: 579be41d88a26bef8aa56aeb76095be574de100d2130552b53be951ffceae4a7
• Opcode Fuzzy Hash: 9e4b6a9f009772bf900f81a080d7866889bcb8304680426c062b1f7db16e4a36
• Instruction Fuzzy Hash: 2421BB326215118BD728CF79C85367E73E5A754310F15862EE4A7C77D0DF35A948C780
APIs
• DeleteObject.GDI32(00000000), ref: 00162B30
• DeleteObject.GDI32(00000000), ref: 00162B43
• DestroyWindow.USER32 ref: 00162B52
• GetDesktopWindow.USER32 ref: 00162B6D
• GetWindowRect.USER32(00000000), ref: 00162B74
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00162CA3
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00162CB1
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00162CF8
• GetClientRect.USER32(00000000,?), ref: 00162D04
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00162D40
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00162D62
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00162D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00162D80
• GlobalLock.KERNEL32(00000000), ref: 00162D89
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00162D98
• GlobalUnlock.KERNEL32(00000000), ref: 00162DA1
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00162DA8
• GlobalFree.KERNEL32(00000000), ref: 00162DB3
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00162DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,0017FC38,00000000), ref: 00162DDB
• GlobalFree.KERNEL32(00000000), ref: 00162DEB
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00162E11
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00162E30
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00162E52
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0016303F
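The call list above is one function of the sample's AutoIt runtime as Joe Sandbox recovered it: it opens a file with GENERIC_READ and OPEN_EXISTING, copies the contents into a movable HGLOBAL, wraps that in an IStream via CreateStreamOnHGlobal, decodes it with OleLoadPicture, and pushes the resulting bitmap into a "static" child control (style 5000000E, i.e. WS_CHILD | WS_VISIBLE | SS_BITMAP) with STM_SETIMAGE (message 0x172, wParam IMAGE_BITMAP). That is image display, not credential access, and it is consistent with the report's finding that the binary is a compiled AutoIt script. The script below is an added example, not part of the Joe Sandbox report or its tooling: it parses call lines in exactly the format shown above, checks for that file-to-OleLoadPicture-to-STM_SETIMAGE chain, and decodes the static control's style. The sample trace is a subset of the report's own lines; the Win32 constant values are from the Windows SDK headers; the chain definition and the result keys are my own choices.

```python
import re
from typing import Optional

# One call per line, as Joe Sandbox prints it:
#   "• Api.MODULE(arg,arg,...), ref: ADDR"   or, with no recovered arguments,
#   "• Api.MODULE ref: ADDR"
API_LINE = re.compile(
    r"^\s*(?:•\s*)?(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*?)\))?,?\s+ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Win32 constants used below (values as in the public Windows SDK headers).
GENERIC_READ, OPEN_EXISTING, GMEM_MOVEABLE = 0x80000000, 3, 0x0002
STM_SETIMAGE, IMAGE_BITMAP = 0x0172, 0
WS_CHILD, WS_VISIBLE, SS_TYPEMASK, SS_BITMAP = 0x40000000, 0x10000000, 0x1F, 0x0E

# Trace lines copied from the report's call list above (a subset).
SAMPLE_TRACE = """\
• DeleteObject.GDI32(00000000), ref: 00162B30
• DestroyWindow.USER32 ref: 00162B52
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00162CF8
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00162D40
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00162D62
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00162D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00162D80
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00162D98
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00162DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,0017FC38,00000000), ref: 00162DDB
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00162E11
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00162E30
"""

def parse_arg(tok: str):
    tok = tok.strip()
    # Eight hex digits are a 32-bit stack slot; anything else is '?' (not
    # recovered) or a string the sandbox resolved, e.g. 'AutoIt v3'.
    return int(tok, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", tok) else tok

def parse_api_line(line: str) -> Optional[dict]:
    m = API_LINE.match(line)
    if not m:
        return None
    raw = m.group("args")
    return {"api": m.group("api"), "module": m.group("module"),
            "args": [parse_arg(t) for t in raw.split(",")] if raw else [],
            "ref": int(m.group("ref"), 16)}

def parse_trace(text: str) -> list:
    return [c for c in map(parse_api_line, text.splitlines()) if c]

# Ordered subsequence: read a file into an HGLOBAL, wrap it in an IStream,
# decode it with OleLoadPicture, hand the picture to a control.
IMAGE_LOAD_CHAIN = ["CreateFileW", "GlobalAlloc", "ReadFile",
                    "CreateStreamOnHGlobal", "OleLoadPicture", "SendMessageW"]

def find_image_load_chain(calls: list) -> Optional[dict]:
    """Return details of the chain if the calls contain it in order, else None."""
    remaining, hits = list(IMAGE_LOAD_CHAIN), {}
    for c in calls:
        if remaining and c["api"] == remaining[0]:
            hits[remaining.pop(0)] = c
    if remaining:
        return None
    # Joe Sandbox prints more stack slots than the API has parameters, so only
    # the leading slots are meaningful; index those.
    cf, ga, sm = (hits[k]["args"] for k in ("CreateFileW", "GlobalAlloc", "SendMessageW"))
    return {
        "read_only_open": len(cf) > 4 and cf[1] == GENERIC_READ and cf[4] == OPEN_EXISTING,
        "movable_hglobal": bool(ga) and ga[0] == GMEM_MOVEABLE,  # CreateStreamOnHGlobal needs this
        "stm_setimage_bitmap": len(sm) > 2 and sm[1] == STM_SETIMAGE and sm[2] == IMAGE_BITMAP,
        "first_ref": hits["CreateFileW"]["ref"],
        "last_ref": hits["SendMessageW"]["ref"],
    }

def static_control_style(calls: list) -> Optional[int]:
    """Style of the first 'static' window the trace creates, or None."""
    for c in calls:
        a = c["args"]
        if c["api"] == "CreateWindowExW" and len(a) > 3 and a[1] == "static":
            return a[3]
    return None

def decode_static_style(style: int) -> list:
    names = [n for n, v in (("WS_CHILD", WS_CHILD), ("WS_VISIBLE", WS_VISIBLE)) if style & v]
    if style & SS_TYPEMASK == SS_BITMAP:   # SS_* control type lives in the low bits
        names.append("SS_BITMAP")
    return names
```

Run against the full call list, `find_image_load_chain` returns the CreateFileW reference 0x162D62 and the SendMessageW reference 0x162E30 with all three checks true; on a prefix that stops before CreateFileW it returns None, which is the case you want to distinguish from a function that merely touches GlobalAlloc and SendMessageW. The subsequence check is deliberately loose about intervening calls (GetFileSize, GlobalLock, CloseHandle), since the sandbox lists every resolved import and the order of the interesting ones is what matters.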
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
• String ID: $AutoIt v3$DISPLAY$static
• API String ID: 2211948467-2373415609
• Opcode ID: 5289d4e1f50d23b32ada16da801ac647e4bebe1741390d1de05a57262d95c8f2
• Instruction ID: 4b2f4eaf4a8c01af74a5ba3556b5fed4227382073d4c9dbe322976c3e524f102
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5289d4e1f50d23b32ada16da801ac647e4bebe1741390d1de05a57262d95c8f2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 44027C71900615EFDB14DF64CC89EAE7BB9FF48710F048158F919AB2A1DB74AD81CBA0
APIs
• SetTextColor.GDI32(?,00000000), ref: 0017712F
• GetSysColorBrush.USER32(0000000F), ref: 00177160
• GetSysColor.USER32(0000000F), ref: 0017716C
• SetBkColor.GDI32(?,000000FF), ref: 00177186
• SelectObject.GDI32(?,?), ref: 00177195
• InflateRect.USER32(?,000000FF,000000FF), ref: 001771C0
• GetSysColor.USER32(00000010), ref: 001771C8
• CreateSolidBrush.GDI32(00000000), ref: 001771CF
• FrameRect.USER32(?,?,00000000), ref: 001771DE
• DeleteObject.GDI32(00000000), ref: 001771E5
• InflateRect.USER32(?,000000FE,000000FE), ref: 00177230
• FillRect.USER32(?,?,?), ref: 00177262
• GetWindowLongW.USER32(?,000000F0), ref: 00177284
  • Part of subcall function 001773E8: GetSysColor.USER32(00000012), ref: 00177421
  • Part of subcall function 001773E8: SetTextColor.GDI32(?,?), ref: 00177425
  • Part of subcall function 001773E8: GetSysColorBrush.USER32(0000000F), ref: 0017743B
  • Part of subcall function 001773E8: GetSysColor.USER32(0000000F), ref: 00177446
  • Part of subcall function 001773E8: GetSysColor.USER32(00000011), ref: 00177463
  • Part of subcall function 001773E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00177471
  • Part of subcall function 001773E8: SelectObject.GDI32(?,00000000), ref: 00177482
  • Part of subcall function 001773E8: SetBkColor.GDI32(?,00000000), ref: 0017748B
  • Part of subcall function 001773E8: SelectObject.GDI32(?,?), ref: 00177498
  • Part of subcall function 001773E8: InflateRect.USER32(?,000000FF,000000FF), ref: 001774B7
  • Part of subcall function 001773E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 001774CE
  • Part of subcall function 001773E8: GetWindowLongW.USER32(00000000,000000F0), ref: 001774DB
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
• String ID:
• API String ID: 4124339563-0
• Opcode ID: 024eb14737861feb5c226869395024244207b8875edf9e7ccf5494ac41b93604
• Instruction ID: d357e1ef1991c513e52a463d0280bdca0cdb630829e6eb6bf0059257478094b7
• Opcode Fuzzy Hash: 024eb14737861feb5c226869395024244207b8875edf9e7ccf5494ac41b93604
• Instruction Fuzzy Hash: D8A1907210C301EFD7109F60DC48A6B7BB9FB89321F104A2DF96A965E1D771E984CB91
APIs
• DestroyWindow.USER32(00000000), ref: 0016273E
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0016286A
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 001628A9
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 001628B9
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00162900
• GetClientRect.USER32(00000000,?), ref: 0016290C
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00162955
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00162964
• GetStockObject.GDI32(00000011), ref: 00162974
• SelectObject.GDI32(00000000,00000000), ref: 00162978
• GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00162988
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00162991
• DeleteDC.GDI32(00000000), ref: 0016299A
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 001629C6
• SendMessageW.USER32(00000030,00000000,00000001), ref: 001629DD
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00162A1D
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00162A31
• SendMessageW.USER32(00000404,00000001,00000000), ref: 00162A42
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00162A77
• GetStockObject.GDI32(00000011), ref: 00162A82
• SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00162A8D
• ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00162A97
Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                                                                                                              • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: cc8fa6caac3262daca40cab2e5646adb31fb5444a587ed4d20915f1d21159465
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 22529d4d77eb89d2f31f01908fbc7ea75056e46697aec45c1eed5d9f2b3d4ce2
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cc8fa6caac3262daca40cab2e5646adb31fb5444a587ed4d20915f1d21159465
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F8B14C71A00615AFEB14DFA8DC85FAE7BB9FB08710F504118F915E76A1D774AD80CBA0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00154AED
• GetDriveTypeW.KERNEL32(?,0017CB68,?,\\.\,0017CC08), ref: 00154BCA
• SetErrorMode.KERNEL32(00000000,0017CB68,?,\\.\,0017CC08), ref: 00154D36
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
• API String ID: 2907320926-4222207086
• Opcode ID: 5b31948dfd2dd630ae694de00edd201b9b0bac30e5c228a255cb57fa904ca938
• Instruction ID: 23d7ebb551d1f1bfb21a217a97f1469b7869ffe126070c5cf14673e671b31e56
• Opcode Fuzzy Hash: 5b31948dfd2dd630ae694de00edd201b9b0bac30e5c228a255cb57fa904ca938
• Instruction Fuzzy Hash: 4D61E534605205EFCB08DF64CA819AC77B1AB8538AB298015FC26AF692DB31DDC9DB41
APIs
• GetSysColor.USER32(00000012), ref: 00177421
• SetTextColor.GDI32(?,?), ref: 00177425
• GetSysColorBrush.USER32(0000000F), ref: 0017743B
• GetSysColor.USER32(0000000F), ref: 00177446
• CreateSolidBrush.GDI32(?), ref: 0017744B
• GetSysColor.USER32(00000011), ref: 00177463
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 00177471
• SelectObject.GDI32(?,00000000), ref: 00177482
• SetBkColor.GDI32(?,00000000), ref: 0017748B
• SelectObject.GDI32(?,?), ref: 00177498
• InflateRect.USER32(?,000000FF,000000FF), ref: 001774B7
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 001774CE
• GetWindowLongW.USER32(00000000,000000F0), ref: 001774DB
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0017752A
• GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00177554
• InflateRect.USER32(?,000000FD,000000FD), ref: 00177572
• DrawFocusRect.USER32(?,?), ref: 0017757D
• GetSysColor.USER32(00000011), ref: 0017758E
• SetTextColor.GDI32(?,00000000), ref: 00177596
• DrawTextW.USER32(?,001770F5,000000FF,?,00000000), ref: 001775A8
• SelectObject.GDI32(?,?), ref: 001775BF
• DeleteObject.GDI32(?), ref: 001775CA
• SelectObject.GDI32(?,?), ref: 001775D0
• DeleteObject.GDI32(?), ref: 001775D5
• SetTextColor.GDI32(?,?), ref: 001775DB
• SetBkColor.GDI32(?,?), ref: 001775E5
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1996641542-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 54fef97264604c6102cab5d92e7c1e0056e1c9faa368de75a5f28c307a8ccd9e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b1aa1b8739e11a43ef7e857ef530bab8c3ed23e2f388072924737669d712da3e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 54fef97264604c6102cab5d92e7c1e0056e1c9faa368de75a5f28c307a8ccd9e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA614D72904218EFDF119FA4DC49AEE7FB9EB08320F118125F919AB6E1D7759980CF90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 00171128
                                                                                                                                                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 0017113D
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000), ref: 00171144
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00171199
                                                                                                                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(?), ref: 001711B9
                                                                                                                                                                                                                                                                                                                                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 001711ED
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0017120B
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0017121D
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000421,?,?), ref: 00171232
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00171245
                                                                                                                                                                                                                                                                                                                                                                              • IsWindowVisible.USER32(00000000), ref: 001712A1
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 001712BC
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 001712D0
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 001712E8
                                                                                                                                                                                                                                                                                                                                                                              • MonitorFromPoint.USER32(?,?,00000002), ref: 0017130E
                                                                                                                                                                                                                                                                                                                                                                              • GetMonitorInfoW.USER32(00000000,?), ref: 00171328
                                                                                                                                                                                                                                                                                                                                                                              • CopyRect.USER32(?,?), ref: 0017133F
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000412,00000000), ref: 001713AA
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                                                                                                                              • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 471cc65c6ab6385ee3cd35c83642c65277a1467f7412c0878cdff359eac3e849
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f9412583aa39b67033505907a24b563bfb22fed80310f0b84fc9057bfe4ec557
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 471cc65c6ab6385ee3cd35c83642c65277a1467f7412c0878cdff359eac3e849
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7DB15A71604341AFD714DF69C884BAABBF4FF84350F40891CF999AB2A2D771E884CB91
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CharUpperBuffW.USER32(?,?), ref: 001702E5
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0017031F
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00170389
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 001703F1
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00170475
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 001704C5
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00170504
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000FF9F2: _wcslen.LIBCMT ref: 000FF9FD
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00142258
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0014228A
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
• API String ID: 1103490817-719923060
• Opcode ID: ea46b95458495ce5e664a737abe2495e8447f822388723406a36f7911178e7bc
• Instruction ID: 6f16d2d038586c78b4ae7b5283bfd7ee5f53d382ec62b26f365f8a51921efd6f
• Opcode Fuzzy Hash: ea46b95458495ce5e664a737abe2495e8447f822388723406a36f7911178e7bc
• Instruction Fuzzy Hash: 8FE18C31208341DFC715DF24C99096AB3F6BF98314F54896CF89AAB2A6DB30ED85CB41
APIs
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 000F8968
• GetSystemMetrics.USER32(00000007), ref: 000F8970
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 000F899B
• GetSystemMetrics.USER32(00000008), ref: 000F89A3
• GetSystemMetrics.USER32(00000004), ref: 000F89C8
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 000F89E5
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 000F89F5
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 000F8A28
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 000F8A3C
• GetClientRect.USER32(00000000,000000FF), ref: 000F8A5A
• GetStockObject.GDI32(00000011), ref: 000F8A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 000F8A81
  • Part of subcall function 000F912D: GetCursorPos.USER32(?), ref: 000F9141
  • Part of subcall function 000F912D: ScreenToClient.USER32(00000000,?), ref: 000F915E
  • Part of subcall function 000F912D: GetAsyncKeyState.USER32(00000001), ref: 000F9183
  • Part of subcall function 000F912D: GetAsyncKeyState.USER32(00000002), ref: 000F919D
• SetTimer.USER32(00000000,00000000,00000028,000F90FC), ref: 000F8AA8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: AutoIt v3 GUI
• API String ID: 1458621304-248962490
• Opcode ID: 7f491a5e80166f5fa4e75969786896d33bc401bdd321ebeaab3e170cf894c3c6
• Instruction ID: d3fe48533a1a54b7ff177b61dadb12f0ae3f02c1ecc13acce56f8ecf2e28f972
• Opcode Fuzzy Hash: 7f491a5e80166f5fa4e75969786896d33bc401bdd321ebeaab3e170cf894c3c6
• Instruction Fuzzy Hash: 5AB18F31A00209AFDF14DF68CC59BEE7BB5FB48314F518229FA15A7690DB70E981CB51
APIs
  • Part of subcall function 001410F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00141114
  • Part of subcall function 001410F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00140B9B,?,?,?), ref: 00141120
  • Part of subcall function 001410F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00140B9B,?,?,?), ref: 0014112F
  • Part of subcall function 001410F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00140B9B,?,?,?), ref: 00141136
  • Part of subcall function 001410F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0014114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00140DF5
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00140E29
• GetLengthSid.ADVAPI32(?), ref: 00140E40
• GetAce.ADVAPI32(?,00000000,?), ref: 00140E7A
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00140E96
• GetLengthSid.ADVAPI32(?), ref: 00140EAD
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00140EB5
• HeapAlloc.KERNEL32(00000000), ref: 00140EBC
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00140EDD
• CopySid.ADVAPI32(00000000), ref: 00140EE4
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00140F13
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00140F35
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00140F47
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00140F6E
• HeapFree.KERNEL32(00000000), ref: 00140F75
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00140F7E
• HeapFree.KERNEL32(00000000), ref: 00140F85
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00140F8E
• HeapFree.KERNEL32(00000000), ref: 00140F95
• GetProcessHeap.KERNEL32(00000000,?), ref: 00140FA1
• HeapFree.KERNEL32(00000000), ref: 00140FA8
  • Part of subcall function 00141193: GetProcessHeap.KERNEL32(00000008,00140BB1,?,00000000,?,00140BB1,?), ref: 001411A1
  • Part of subcall function 00141193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00140BB1,?), ref: 001411A8
  • Part of subcall function 00141193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00140BB1,?), ref: 001411B7
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f82b17fd7c0b4fd659407ab2e58fab5f26b24ce3eb1c2db9b7eac9daedc92776
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5580874ee1704036ffcf723eb9b6cc7d4c971eaf33d5b3a36b95e19e6d9143ea
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f82b17fd7c0b4fd659407ab2e58fab5f26b24ce3eb1c2db9b7eac9daedc92776
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B171607190020AEFDF219FA5DC44FAEBBB8BF09310F144129FA19E71A1D7759985CBA0
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0016C4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,0017CC08,00000000,?,00000000,?,?), ref: 0016C544
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0016C5A4
• _wcslen.LIBCMT ref: 0016C5F4
• _wcslen.LIBCMT ref: 0016C66F
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0016C6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0016C7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0016C84D
• RegCloseKey.ADVAPI32(?), ref: 0016C881
• RegCloseKey.ADVAPI32(00000000), ref: 0016C88E
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0016C960
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Value$Close$_wcslen$ConnectCreateRegistry
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
• API String ID: 9721498-966354055
• Opcode ID: 344196b08c6b7a9b6250e3267e5639b84540a4f0986094f2438a00d0f6fa97ae
• Instruction ID: e3ca1b9943dfd0f97221db5f486e9d95e5e0e3a7f81874152d938ef22ff8972c
• Opcode Fuzzy Hash: 344196b08c6b7a9b6250e3267e5639b84540a4f0986094f2438a00d0f6fa97ae
• Instruction Fuzzy Hash: E91268356046419FD714DF25C881B6AB7E5EF88714F04889CF89AAB3A2DB31FD41CB81
APIs
• CharUpperBuffW.USER32(?,?), ref: 001709C6
• _wcslen.LIBCMT ref: 00170A01
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00170A54
• _wcslen.LIBCMT ref: 00170A8A
• _wcslen.LIBCMT ref: 00170B06
• _wcslen.LIBCMT ref: 00170B81
  • Part of subcall function 000FF9F2: _wcslen.LIBCMT ref: 000FF9FD
  • Part of subcall function 00142BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00142BFA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
• Opcode ID: 638ac3d45c7e041ff4ce1f326e65468b354db841160a5abac4eda8303b0a4a1a
• Instruction ID: f36b135d7b1600927a44b8b1565c45a95e19527237f2257850444bebc7207a21
• Opcode Fuzzy Hash: 638ac3d45c7e041ff4ce1f326e65468b354db841160a5abac4eda8303b0a4a1a
• Instruction Fuzzy Hash: CDE18635208741CFC715DF24C45096AB7F2BF98318B55895CF89AAB3A2D731EE85CB81
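The two function blocks above are easier to read once the constant arguments are decoded: in each RegSetValueExW call the fourth argument is dwType, so the values 00000001, 00000007, 0000000B and 00000003 are REG_SZ, REG_MULTI_SZ, REG_QWORD (with cbData=8, the correct size for a 64-bit value) and REG_BINARY, which lines up with the REG_* names in that block's String ID; in the tree-view block, SendMessageW with 00001105 is TVM_GETCOUNT and 0000110A with wParam 9 is TVM_GETNEXTITEM/TVGN_CARET (the selected item), matching the GETTOTALCOUNT and GETSELECTED command strings. That both routines dispatch on a table of command strings is consistent with a script-runtime's registry-write and tree-view-control helpers, but that is an inference from the listed calls, not something the report states. The following script is an added example, not Joe Sandbox's own code and not part of this report; it parses API lines in the report's format (copied into the script as constructed sample input) and annotates them with the decoded constants. The REG_* and TVM_*/TVGN_* tables are taken from winnt.h and commctrl.h; everything else (function names, the ApiCall class, the size check on REG_QWORD writes) is the example's own.

```python
"""Parse the 'APIs' lines of a Joe Sandbox function block and decode the
constant arguments that reveal what the routine does (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: API lines copied from the two function blocks in the
# report. Arguments the sandbox could not resolve are printed as '?'.
SAMPLE_LINES = """\
RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0016C4BD
RegCreateKeyExW.ADVAPI32(?,?,00000000,0017CC08,00000000,?,00000000,?,?), ref: 0016C544
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0016C6B2
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0016C7C1
RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0016C84D
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0016C960
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00170A54
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00142BFA
_wcslen.LIBCMT ref: 0016C5F4
"""

# Registry value types (winnt.h); dwType is the 4th argument of RegSetValueExW.
REG_TYPES = {0: "REG_NONE", 1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
             4: "REG_DWORD", 5: "REG_DWORD_BIG_ENDIAN", 6: "REG_LINK",
             7: "REG_MULTI_SZ", 11: "REG_QWORD"}
# Tree-view messages (TV_FIRST = 0x1100) and TVGN_* item codes (commctrl.h).
TVM_MESSAGES = {0x1102: "TVM_EXPAND", 0x1105: "TVM_GETCOUNT",
                0x110A: "TVM_GETNEXTITEM", 0x110B: "TVM_SELECTITEM",
                0x113E: "TVM_GETITEMW"}
TVGN_CODES = {0: "TVGN_ROOT", 1: "TVGN_NEXT", 2: "TVGN_PREVIOUS",
              3: "TVGN_PARENT", 4: "TVGN_CHILD", 9: "TVGN_CARET"}

# 'Api.MODULE(arg,arg,...), ref: ADDR' or 'Api.MODULE ref: ADDR' (no arguments).
API_LINE = re.compile(
    r"^(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<ref>[0-9A-Fa-f]+)$")


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]   # None where the sandbox printed '?'
    ref: int                    # address of the call site
    note: str = ""              # decoded meaning, if any


def describe(call: ApiCall) -> str:
    """Turn known constant arguments into a human-readable note."""
    if call.api == "RegSetValueExW" and len(call.args) >= 6:
        dwtype, cbdata = call.args[3], call.args[5]
        if dwtype is None:
            return "writes value of unresolved type"
        name = REG_TYPES.get(dwtype, f"type {dwtype}")
        # A REG_QWORD must be exactly 8 bytes; anything else is worth a look.
        if dwtype == 11 and cbdata is not None and cbdata != 8:
            name += f" (suspicious cbData={cbdata}, expected 8)"
        return f"writes {name} value"
    if call.api == "SendMessageW" and len(call.args) >= 4 and call.args[1] in TVM_MESSAGES:
        msg = TVM_MESSAGES[call.args[1]]
        if msg == "TVM_GETNEXTITEM" and call.args[2] in TVGN_CODES:
            msg += f"({TVGN_CODES[call.args[2]]})"   # wParam selects which item
        return msg
    return ""


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Parse one report line; returns None for lines that are not API calls."""
    m = API_LINE.match(line.strip().lstrip("• ").strip())
    if not m:
        return None
    raw = m.group("args")
    args = [] if raw is None else [
        None if a == "?" else int(a, 16)
        for a in (x.strip() for x in raw.split(",")) if a]
    call = ApiCall(m.group("api"), m.group("module"), args, int(m.group("ref"), 16))
    call.note = describe(call)
    return call


def parse_report(text: str) -> List[ApiCall]:
    return [c for c in (parse_api_line(l) for l in text.splitlines()) if c]


def registry_value_types(calls: List[ApiCall]) -> List[str]:
    """Every registry value type the routine can write, in call order."""
    return [REG_TYPES.get(c.args[3], "?") for c in calls
            if c.api == "RegSetValueExW" and len(c.args) >= 4 and c.args[3] is not None]


def summarize(text: str) -> dict:
    calls = parse_report(text)
    return {"calls": len(calls),
            "registry_types": registry_value_types(calls),
            "treeview_messages": [c.note for c in calls if c.note.startswith("TVM_")]}


if __name__ == "__main__":
    for c in parse_report(SAMPLE_LINES):
        print(f"{c.ref:08X} {c.api}.{c.module:<9} {c.note}")
    print(summarize(SAMPLE_LINES))
```

Running the script over the sample lines lists four distinct registry value types and the two tree-view messages. The type table is the useful part when triaging a report like this one: a routine that can emit REG_SZ, REG_MULTI_SZ, REG_QWORD and REG_BINARY through one code path is a generic write-any-value helper, so the interesting question for the analyst is which key path and value name the script passes into it at runtime (the '?' arguments), not the helper itself.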
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                              • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 091c3cca552c2eb9c8f80a452429fc9534a3a3ae9809dbcd157ed0961eb3fd97
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c958f3f26d3005690f2b91d716f4b33738f90124a298ac9b69edd44a0d45a721
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 091c3cca552c2eb9c8f80a452429fc9534a3a3ae9809dbcd157ed0961eb3fd97
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B071043260416A8BCB20DEBCCD515BA3391AFA5794F554128FCD6A7285F771CEA4C3E0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0017835A
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0017836E
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00178391
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 001783B4
                                                                                                                                                                                                                                                                                                                                                                              • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 001783F2
                                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00175BF2), ref: 0017844E
                                                                                                                                                                                                                                                                                                                                                                              • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00178487
                                                                                                                                                                                                                                                                                                                                                                              • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 001784CA
                                                                                                                                                                                                                                                                                                                                                                              • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00178501
                                                                                                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 0017850D
                                                                                                                                                                                                                                                                                                                                                                              • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0017851D
                                                                                                                                                                                                                                                                                                                                                                              • DestroyIcon.USER32(?,?,?,?,?,00175BF2), ref: 0017852C
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00178549
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00178555
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                                                                                                              • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 82b94fdaf08ed23d6b3b0e37be83238c08a97ea94e4730b9274bb5f96ab7c018
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6da5e76e730a3748b063d127920a1924efd260641bce58e7cd38fe9861e79a17
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 82b94fdaf08ed23d6b3b0e37be83238c08a97ea94e4730b9274bb5f96ab7c018
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2961D0B1640215BFEB14DF64CC89BFE77B8BB08711F108509F91AE60D1DBB4AA80C7A0
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 0-1645009161
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 17741578cd293c5d791cca0e0cad90c855afeb7a3908cb2c097f313f4c9754d2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 7c503e3ad1cdac07fc6f3b6705967953ef855cc9cb680a8427f29848039007c8
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 17741578cd293c5d791cca0e0cad90c855afeb7a3908cb2c097f313f4c9754d2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D881C271648615BFDB25AF61DC82FBF37B9AF25300F044024F949BA192EB70D961C7A1
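The two String IDs above (the registry hive names and aliases for the _wcslen/CharUpperBuff routine, and the #include / #requireadmin / #notrayicon / #pragma compile directives plus preprocessor error messages for the routine with no API calls) are the string evidence behind the report's "Binary is likely a compiled AutoIt script file" signature. Because the surrounding routines call _wcslen and CharLowerBuffW, these strings are stored UTF-16LE, so an ASCII-only `strings` run or grep over the dump will not find them. The following triage check is an added example, not Joe Sandbox code and not part of the report: it searches a dump or PE image for both encodings of exactly the markers listed on this page, and the sample blob it scans is constructed inline to stand in for a memory dump. The hit threshold (four distinct wide-string directives) is an assumption chosen to keep three-character tokens such as "#cs" or "HKU" from triggering on unrelated data.

```python
"""Triage check: do the AutoIt interpreter strings from the report appear in a
PE image or memory dump, and in which encoding?

The sample's routines call _wcslen and CharLowerBuffW, so its strings are
UTF-16LE; a plain ASCII grep or `strings` without -el misses them.
"""
from __future__ import annotations

# Directive and preprocessor-error strings listed under "String ID" for the
# routine with an empty API ID (the script preprocessor).
AUTOIT_DIRECTIVES: tuple[str, ...] = (
    "#OnAutoItStartRegister", "#comments-start", "#comments-end", "#cs", "#ce",
    "#include", "#include-once", "#notrayicon", "#pragma compile",
    "#requireadmin", "Bad directive syntax error", "Cannot parse #include",
    "Unterminated group of comments",
)
# Registry hive names and aliases listed under "String ID" for the
# _wcslen/CharUpperBuff routine (the hive-name parser).
REG_HIVES: tuple[str, ...] = (
    "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG", "HKEY_CURRENT_USER",
    "HKEY_LOCAL_MACHINE", "HKEY_USERS", "HKCC", "HKCR", "HKCU", "HKLM", "HKU",
)


def find_markers(data: bytes, markers: tuple[str, ...]) -> dict[str, list[str]]:
    """Return which markers occur UTF-16LE-encoded and which occur as ASCII.

    Substring matches are intentional: "#include" also fires on
    "#include-once", which is why classify() requires several distinct hits
    rather than any single one.
    """
    hits: dict[str, list[str]] = {"utf16": [], "ascii": []}
    for m in markers:
        if m.encode("utf-16-le") in data:
            hits["utf16"].append(m)
        if m.encode("ascii") in data:
            hits["ascii"].append(m)
    return hits


def classify(data: bytes, min_directives: int = 4) -> dict:
    """Score a blob for compiled-AutoIt indicators.

    min_directives is an assumed threshold: three-character tokens such as
    "#cs" or "HKU" can appear by chance in arbitrary binary data, so a single
    hit is not evidence. Several distinct wide-string directives are required.
    """
    directives = find_markers(data, AUTOIT_DIRECTIVES)
    hives = find_markers(data, REG_HIVES)
    wide = directives["utf16"]
    return {
        "directives_utf16": wide,
        "directives_ascii": directives["ascii"],
        "reg_hives_utf16": hives["utf16"],
        "likely_compiled_autoit": len(wide) >= min_directives,
        # True when an ASCII-only string search would have found none of the
        # directive markers, i.e. the evidence is visible only as wide strings.
        "ascii_grep_would_miss": bool(wide) and not directives["ascii"],
    }


def build_sample() -> bytes:
    """Constructed stand-in for a memory dump: a few of the report's strings
    as a NUL-separated UTF-16LE string table with ASCII filler around it.
    This is not data from the sandbox run."""
    table = b"\x00\x00".join(
        s.encode("utf-16-le")
        for s in ("#include", "#requireadmin", "#notrayicon", "#pragma compile",
                  "#OnAutoItStartRegister", "HKLM", "HKEY_CURRENT_USER")
    )
    return (b"MZ" + b"\x00" * 62
            + b"This program cannot be run in DOS mode" + table + b"\x00" * 16)


if __name__ == "__main__":
    print(classify(build_sample()))
    print(classify(b"MZ" + b"\x00" * 64 + b"not an AutoIt binary"))
```

To run the same check against the report's own dump, read the downloaded .sdmp file into `data` and call `classify(data)`; the `ascii_grep_would_miss` flag is the practical reminder that `strings -el` (little-endian 16-bit) rather than plain `strings` is needed when hunting these markers by hand.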
APIs
• CharLowerBuffW.USER32(?,?), ref: 00153EF8
• _wcslen.LIBCMT ref: 00153F03
• _wcslen.LIBCMT ref: 00153F5A
• _wcslen.LIBCMT ref: 00153F98
• GetDriveTypeW.KERNEL32(?), ref: 00153FD6
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0015401E
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00154059
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00154087
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                                                                              • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1839972693-4113822522
APIs
• LoadIconW.USER32(00000063), ref: 00145A2E
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00145A40
• SetWindowTextW.USER32(?,?), ref: 00145A57
• GetDlgItem.USER32(?,000003EA), ref: 00145A6C
• SetWindowTextW.USER32(00000000,?), ref: 00145A72
• GetDlgItem.USER32(?,000003E9), ref: 00145A82
• SetWindowTextW.USER32(00000000,?), ref: 00145A88
• SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00145AA9
• SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00145AC3
• GetWindowRect.USER32(?,?), ref: 00145ACC
• _wcslen.LIBCMT ref: 00145B33
• SetWindowTextW.USER32(?,?), ref: 00145B6F
• GetDesktopWindow.USER32 ref: 00145B75
• GetWindowRect.USER32(00000000), ref: 00145B7C
• MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00145BD3
• GetClientRect.USER32(?,?), ref: 00145BE0
• PostMessageW.USER32(?,00000005,00000000,?), ref: 00145C05
• SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00145C2F
Similarity
• API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
• String ID:
• API String ID: 895679908-0
APIs
• LoadCursorW.USER32(00000000,00007F89), ref: 0015FE27
• LoadCursorW.USER32(00000000,00007F8A), ref: 0015FE32
• LoadCursorW.USER32(00000000,00007F00), ref: 0015FE3D
• LoadCursorW.USER32(00000000,00007F03), ref: 0015FE48
• LoadCursorW.USER32(00000000,00007F8B), ref: 0015FE53
• LoadCursorW.USER32(00000000,00007F01), ref: 0015FE5E
• LoadCursorW.USER32(00000000,00007F81), ref: 0015FE69
• LoadCursorW.USER32(00000000,00007F88), ref: 0015FE74
• LoadCursorW.USER32(00000000,00007F80), ref: 0015FE7F
• LoadCursorW.USER32(00000000,00007F86), ref: 0015FE8A
• LoadCursorW.USER32(00000000,00007F83), ref: 0015FE95
• LoadCursorW.USER32(00000000,00007F85), ref: 0015FEA0
• LoadCursorW.USER32(00000000,00007F82), ref: 0015FEAB
• LoadCursorW.USER32(00000000,00007F84), ref: 0015FEB6
• LoadCursorW.USER32(00000000,00007F04), ref: 0015FEC1
• LoadCursorW.USER32(00000000,00007F02), ref: 0015FECC
• GetCursorInfo.USER32(?), ref: 0015FEDC
• GetLastError.KERNEL32 ref: 0015FF1E
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ea67b62a2bf36e619e6a7691ed731884c3ff0a9c9d5b9d8b6a8eb3dffa953223
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 01ff8f6be4e7ea8501773101d5ea5b9012916ecde8da26e7766dd8335596c156
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ea67b62a2bf36e619e6a7691ed731884c3ff0a9c9d5b9d8b6a8eb3dffa953223
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C64152B0D04319AADB109FBA8C89C5EBFE8FF04754B50452AF51DEB681DB78A901CF91
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 001000C6
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 001000ED: InitializeCriticalSectionAndSpinCount.KERNEL32(001B070C,00000FA0,038EE4FD,?,?,?,?,001223B3,000000FF), ref: 0010011C
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 001000ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,001223B3,000000FF), ref: 00100127
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 001000ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,001223B3,000000FF), ref: 00100138
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 001000ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0010014E
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 001000ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0010015C
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 001000ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0010016A
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 001000ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00100195
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 001000ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 001001A0
                                                                                                                                                                                                                                                                                                                                                                              • ___scrt_fastfail.LIBCMT ref: 001000E7
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 001000A3: __onexit.LIBCMT ref: 001000A9
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              • kernel32.dll, xrefs: 00100133
                                                                                                                                                                                                                                                                                                                                                                              • InitializeConditionVariable, xrefs: 00100148
                                                                                                                                                                                                                                                                                                                                                                              • SleepConditionVariableCS, xrefs: 00100154
                                                                                                                                                                                                                                                                                                                                                                              • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00100122
                                                                                                                                                                                                                                                                                                                                                                              • WakeAllConditionVariable, xrefs: 00100162
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                                                                                              • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: bcb9d9fe4eef3cd404c7bee336382256b594115fc9d50168703b1733b5fcae57
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 993132fc186a7dcf1091552665ef7b7576b5737e6c1bdf0d2bbed8d25da51b9a
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bcb9d9fe4eef3cd404c7bee336382256b594115fc9d50168703b1733b5fcae57
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A21D732A44711ABD7226BA4EC09B6A73E4EB0DB51F10413EF98592AD1DFB09C808A90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 179ad100d4f6ee28ef322d11cdb27560991228b6888de21645b4094aa92b8cec
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f74757e6687de5394914bf3b94d9aa88493bd7508bd139979ca53907a0f36c79
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 179ad100d4f6ee28ef322d11cdb27560991228b6888de21645b4094aa92b8cec
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B5E1F532A00516ABCB18DFB8C451AFDFBB1BF54710F558129E466F72A0DB70AE85C7A0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CharLowerBuffW.USER32(00000000,00000000,0017CC08), ref: 00154527
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0015453B
• _wcslen.LIBCMT ref: 00154599
• _wcslen.LIBCMT ref: 001545F4
• _wcslen.LIBCMT ref: 0015463F
• _wcslen.LIBCMT ref: 001546A7
  • Part of subcall function 000FF9F2: _wcslen.LIBCMT ref: 000FF9FD
• GetDriveTypeW.KERNEL32(?,001A6BF0,00000061), ref: 00154743
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: _wcslen$BuffCharDriveLowerType
• String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 2055661098-1000479233
• Opcode ID: 92ea93bd273e93659e256ccaa342a2e21b5ba93348f73c4568c1ab52fa52cba7
• Instruction ID: 7f6e856b4de631f3f075f3386462a3e484d13df6fa5de1ca2c5f1163006a76ba
• Opcode Fuzzy Hash: 92ea93bd273e93659e256ccaa342a2e21b5ba93348f73c4568c1ab52fa52cba7
• Instruction Fuzzy Hash: 2DB11731608302DFC714DF28C890A6EB7E5AFA9759F50491DF8A6DB291E730D888CB52
APIs
• GetMenuItemCount.USER32(001B1990), ref: 00122F8D
• GetMenuItemCount.USER32(001B1990), ref: 0012303D
• GetCursorPos.USER32(?), ref: 00123081
• SetForegroundWindow.USER32(00000000), ref: 0012308A
• TrackPopupMenuEx.USER32(001B1990,00000000,?,00000000,00000000,00000000), ref: 0012309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 001230A9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 36266755-4108050209
• Opcode ID: 7a17281c821a5d66eaecb67cc67d03c87e0f5baca1d115140d5eb4688b091139
• Instruction ID: a5889727e1a3f433d674ad2cd97514d26f1a8a663b4e5825e452e0a47a78a805
• Opcode Fuzzy Hash: 7a17281c821a5d66eaecb67cc67d03c87e0f5baca1d115140d5eb4688b091139
• Instruction Fuzzy Hash: C4710970644255BEEB258F25DD89F9EFF74FF05324F20421AF6246A1E0C7B1A960DB90
APIs
• DestroyWindow.USER32(00000000,?), ref: 00176DEB
  • Part of subcall function 000E6B57: _wcslen.LIBCMT ref: 000E6B6A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00176E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00176E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00176E94
• DestroyWindow.USER32(?), ref: 00176EB5
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,000E0000,00000000), ref: 00176EE4
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00176EFD
• GetDesktopWindow.USER32 ref: 00176F16
• GetWindowRect.USER32(00000000), ref: 00176F1D
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00176F35
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00176F4D
  • Part of subcall function 000F9944: GetWindowLongW.USER32(?,000000EB), ref: 000F9952
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
• String ID: 0$tooltips_class32
• API String ID: 2429346358-3619404913
• Opcode ID: 38c0a017ec4ed4ab4e5d576dc279359041c67911f02c5be63d5c6cac66725b38
• Instruction ID: ca4bcc962021d8c591110835f67db24c4de683fc48fb694c9c8ad56d736c08d9
• Opcode Fuzzy Hash: 38c0a017ec4ed4ab4e5d576dc279359041c67911f02c5be63d5c6cac66725b38
• Instruction Fuzzy Hash: 40719870104240AFDB21DF28DC58FBABBF9FB89304F64451DF98997262CB70A989CB51
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000F9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 000F9BB2
                                                                                                                                                                                                                                                                                                                                                                              • DragQueryPoint.SHELL32(?,?), ref: 00179147
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00177674: ClientToScreen.USER32(?,?), ref: 0017769A
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00177674: GetWindowRect.USER32(?,?), ref: 00177710
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00177674: PtInRect.USER32(?,?,00178B89), ref: 00177720
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 001791B0
                                                                                                                                                                                                                                                                                                                                                                              • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 001791BB
                                                                                                                                                                                                                                                                                                                                                                              • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 001791DE
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00179225
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 0017923E
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000B1,?,?), ref: 00179255
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000B1,?,?), ref: 00179277
                                                                                                                                                                                                                                                                                                                                                                              • DragFinish.SHELL32(?), ref: 0017927E
                                                                                                                                                                                                                                                                                                                                                                              • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00179371
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 221274066-3440237614
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 24e38da8cc2055dcba2d2f9e47aa360fb371f5ca8ad15d8c7144f792433fe7f1
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c175fc12ba44e5de06dd467ef1e111e5621baf544f80a70efd26c8ce8b7c35d2
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 24e38da8cc2055dcba2d2f9e47aa360fb371f5ca8ad15d8c7144f792433fe7f1
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1C616A71108340AFD701EF65DC85DAFBBF8EF89750F40491DF599921A1DB309A89CB92
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0015C4B0
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0015C4C3
                                                                                                                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0015C4D7
                                                                                                                                                                                                                                                                                                                                                                              • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0015C4F0
                                                                                                                                                                                                                                                                                                                                                                              • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0015C533
                                                                                                                                                                                                                                                                                                                                                                              • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0015C549
                                                                                                                                                                                                                                                                                                                                                                              • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0015C554
                                                                                                                                                                                                                                                                                                                                                                              • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0015C584
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0015C5DC
                                                                                                                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0015C5F0
                                                                                                                                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 0015C5FB
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 48bf768ead4b87177f1c9785e038d63d546fb1da28a95b040c9d5f4cf178e312
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: e2377fef73dccc9acc40b9738946a7dc29bdde38b2ce92af0f8fad943cf4abda
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 48bf768ead4b87177f1c9785e038d63d546fb1da28a95b040c9d5f4cf178e312
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FD514EB1600305FFDB218FA4C988AAB7BBCFF04755F00441DF9559A650EB34EA889BE0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00178592
                                                                                                                                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 001785A2
                                                                                                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 001785AD
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 001785BA
• GlobalLock.KERNEL32(00000000), ref: 001785C8
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 001785D7
• GlobalUnlock.KERNEL32(00000000), ref: 001785E0
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 001785E7
• CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 001785F8
• OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0017FC38,?), ref: 00178611
• GlobalFree.KERNEL32(00000000), ref: 00178621
• GetObjectW.GDI32(?,00000018,?), ref: 00178641
• CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00178671
• DeleteObject.GDI32(?), ref: 00178699
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 001786AF
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3840717409-0
• Opcode ID: adec125103b3121600268d521965c8a9f737b371c8a38a73a3e3652304a82637
• Instruction ID: 8ead94e9e204b43fa6b8a2c0b5837f0353fcbb73e9ea1190455a0f1b59d220e7
• Opcode Fuzzy Hash: adec125103b3121600268d521965c8a9f737b371c8a38a73a3e3652304a82637
• Instruction Fuzzy Hash: C841F975640205BFDB119FA5DC8CEAA7BB8FF89B15F148158F909E7260DB309981CB60
APIs
• VariantInit.OLEAUT32(00000000), ref: 00151502
• VariantCopy.OLEAUT32(?,?), ref: 0015150B
• VariantClear.OLEAUT32(?), ref: 00151517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 001515FB
• VarR8FromDec.OLEAUT32(?,?), ref: 00151657
• VariantInit.OLEAUT32(?), ref: 00151708
• SysFreeString.OLEAUT32(?), ref: 0015178C
• VariantClear.OLEAUT32(?), ref: 001517D8
• VariantClear.OLEAUT32(?), ref: 001517E7
• VariantInit.OLEAUT32(00000000), ref: 00151823
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 1234038744-3931177956
• Opcode ID: 7d953d34d03ec3740c4673632eb6b97b09e573960cbd6f6f132c144dbe553f3f
• Instruction ID: 8ebb2930df1ce84b92d018ee967df7be479b0c092721841e2193a24ca80803b9
• Opcode Fuzzy Hash: 7d953d34d03ec3740c4673632eb6b97b09e573960cbd6f6f132c144dbe553f3f
• Instruction Fuzzy Hash: DED12331A00105EFDB05AF65D885BBDB7B1BF46701F11805AF826AF581EB34DC49DBA1
APIs
  • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
  • Part of subcall function 0016C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0016B6AE,?,?), ref: 0016C9B5
  • Part of subcall function 0016C998: _wcslen.LIBCMT ref: 0016C9F1
  • Part of subcall function 0016C998: _wcslen.LIBCMT ref: 0016CA68
  • Part of subcall function 0016C998: _wcslen.LIBCMT ref: 0016CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0016B6F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0016B772
• RegDeleteValueW.ADVAPI32(?,?), ref: 0016B80A
• RegCloseKey.ADVAPI32(?), ref: 0016B87E
• RegCloseKey.ADVAPI32(?), ref: 0016B89C
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 0016B8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0016B904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 0016B922
• FreeLibrary.KERNEL32(00000000), ref: 0016B983
• RegCloseKey.ADVAPI32(00000000), ref: 0016B994
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                                              • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6d605c9fde5d0bef41e73f68b83b8a214493223881885681e4863c74001340e1
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 16841c895ee416ebca61925937b6bb7657387aff487562397d400d476b5e3a6e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d605c9fde5d0bef41e73f68b83b8a214493223881885681e4863c74001340e1
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96C18B35208241AFD714DF24C895F6ABBE5BF84308F54845CF49A9B2A2CB31ED86CB91
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 001625D8
                                                                                                                                                                                                                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 001625E8
                                                                                                                                                                                                                                                                                                                                                                              • CreateCompatibleDC.GDI32(?), ref: 001625F4
                                                                                                                                                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00162601
                                                                                                                                                                                                                                                                                                                                                                              • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0016266D
                                                                                                                                                                                                                                                                                                                                                                              • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 001626AC
                                                                                                                                                                                                                                                                                                                                                                              • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 001626D0
                                                                                                                                                                                                                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 001626D8
                                                                                                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 001626E1
                                                                                                                                                                                                                                                                                                                                                                              • DeleteDC.GDI32(?), ref: 001626E8
                                                                                                                                                                                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,?), ref: 001626F3
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                                                                              • String ID: (
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1781f2d4828dc6e2eff551e306bf0538aadd256b7f02576215ff6b443bc20f82
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f3d73853def2b8752169afb9bbf368438fbe88f5fce43ae6295ab537655c6ca9
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1781f2d4828dc6e2eff551e306bf0538aadd256b7f02576215ff6b443bc20f82
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DF61D2B5D00219EFCF14CFA4DC84AAEBBB6FF48310F208529E959A7250D774A991CF90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • ___free_lconv_mon.LIBCMT ref: 0011DAA1
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0011D63C: _free.LIBCMT ref: 0011D659
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0011D63C: _free.LIBCMT ref: 0011D66B
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0011D63C: _free.LIBCMT ref: 0011D67D
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0011D63C: _free.LIBCMT ref: 0011D68F
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0011D63C: _free.LIBCMT ref: 0011D6A1
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0011D63C: _free.LIBCMT ref: 0011D6B3
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0011D63C: _free.LIBCMT ref: 0011D6C5
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0011D63C: _free.LIBCMT ref: 0011D6D7
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0011D63C: _free.LIBCMT ref: 0011D6E9
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0011D63C: _free.LIBCMT ref: 0011D6FB
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0011D63C: _free.LIBCMT ref: 0011D70D
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0011D63C: _free.LIBCMT ref: 0011D71F
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0011D63C: _free.LIBCMT ref: 0011D731
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0011DA96
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 001129C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0011D7D1,00000000,00000000,00000000,00000000,?,0011D7F8,00000000,00000007,00000000,?,0011DBF5,00000000), ref: 001129DE
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 001129C8: GetLastError.KERNEL32(00000000,?,0011D7D1,00000000,00000000,00000000,00000000,?,0011D7F8,00000000,00000007,00000000,?,0011DBF5,00000000,00000000), ref: 001129F0
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0011DAB8
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0011DACD
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0011DAD8
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0011DAFA
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0011DB0D
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0011DB1B
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0011DB26
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0011DB5E
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0011DB65
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0011DB82
• _free.LIBCMT ref: 0011DB9A
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: 3b70a1ef65e781273eda176db178cbd49a868255d57ed5dc2f986fe33f50ceb3
• Instruction ID: 9beb67aa50ffb6a0fd2dc6ba5897e110e188702d7a857d5623dba38fe3cb5dde
• Opcode Fuzzy Hash: 3b70a1ef65e781273eda176db178cbd49a868255d57ed5dc2f986fe33f50ceb3
• Instruction Fuzzy Hash: 7E315A326086099FEB29AA39F845BDA77E8FF21324F114439E449DB191DF34ACE08724
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 0014369C
• _wcslen.LIBCMT ref: 001436A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00143797
• GetClassNameW.USER32(?,?,00000400), ref: 0014380C
• GetDlgCtrlID.USER32(?), ref: 0014385D
• GetWindowRect.USER32(?,?), ref: 00143882
• GetParent.USER32(?), ref: 001438A0
• ScreenToClient.USER32(00000000), ref: 001438A7
• GetClassNameW.USER32(?,?,00000100), ref: 00143921
• GetWindowTextW.USER32(?,?,00000400), ref: 0014395D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
• Opcode ID: 8d2c59cf275386b996997f7a4ef3908c0bec0e0c1eea4b5e9effae11dd71ed4d
• Instruction ID: d983e978005aa94f4f18229edb1813cf0b2969fa3fdb1996755fb38b9deb46d3
• Opcode Fuzzy Hash: 8d2c59cf275386b996997f7a4ef3908c0bec0e0c1eea4b5e9effae11dd71ed4d
• Instruction Fuzzy Hash: DD91C271204606AFD719DF24C885FEAF7A9FF44354F108629F9A9D21A0DB30EA46CB91
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 00144994
• GetWindowTextW.USER32(?,?,00000400), ref: 001449DA
• _wcslen.LIBCMT ref: 001449EB
• CharUpperBuffW.USER32(?,00000000), ref: 001449F7
• _wcsstr.LIBVCRUNTIME ref: 00144A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 00144A64
• GetWindowTextW.USER32(?,?,00000400), ref: 00144A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 00144AE6
• GetClassNameW.USER32(?,?,00000400), ref: 00144B20
• GetWindowRect.USER32(?,?), ref: 00144B8B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
• String ID: ThumbnailClass
• API String ID: 1311036022-1241985126
• Opcode ID: d2bfb04efc4ca3402df316756794c8e6051840a5f97aea0c2721d300b8394c8b
• Instruction ID: 8fee75bcf768cd52bd2f091570324dcb9d617683a525252e1242ea5d273723f2
• Opcode Fuzzy Hash: d2bfb04efc4ca3402df316756794c8e6051840a5f97aea0c2721d300b8394c8b
• Instruction Fuzzy Hash: 7E91CF711082059FDB04DF14C985FAA77E9FF84714F088469FD8A9B1A6EB30ED85CBA1
APIs
  • Part of subcall function 000F9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 000F9BB2
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00178D5A
• GetFocus.USER32 ref: 00178D6A
• GetDlgCtrlID.USER32(00000000), ref: 00178D75
• DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00178E1D
• GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00178ECF
• GetMenuItemCount.USER32(?), ref: 00178EEC
• GetMenuItemID.USER32(?,00000000), ref: 00178EFC
                                                                                                                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00178F2E
                                                                                                                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00178F70
                                                                                                                                                                                                                                                                                                                                                                              • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00178FA1
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2970cee3026165aefc5d6cf0da839f355d160813327a8ee9b25bf5600eeb3d6a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3e836be6fae8556e1aeb2c502e804f218d28c322de4595ee53993f5054f26693
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2970cee3026165aefc5d6cf0da839f355d160813327a8ee9b25bf5600eeb3d6a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60818F71648301AFD710CF24C888AAB7BF9FB88354F14891DF99997291DF71D941CBA2
APIs
• GetFileVersionInfoSizeW.VERSION(?,?), ref: 0014DC20
• GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 0014DC46
• _wcslen.LIBCMT ref: 0014DC50
• _wcsstr.LIBVCRUNTIME ref: 0014DCA0
• VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 0014DCBC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
• String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
• API String ID: 1939486746-1459072770
• Opcode ID: c87db491362595618ce6e93d1af694a02ad96e31efa662940d859b2016eb909c
• Instruction ID: 59c5fc9579337a57082639434e493c3bace20a9f98492fe44c16f492e5558cda
• Opcode Fuzzy Hash: c87db491362595618ce6e93d1af694a02ad96e31efa662940d859b2016eb909c
• Instruction Fuzzy Hash: F9412472A40205BADB04A7B4EC43EFF37BCEF52750F148069FA04A61D3EBB4990197A4
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0016CC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0016CC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0016CD48
  • Part of subcall function 0016CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0016CCAA
  • Part of subcall function 0016CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0016CCBD
  • Part of subcall function 0016CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0016CCCF
  • Part of subcall function 0016CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0016CD05
  • Part of subcall function 0016CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0016CD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 0016CCF3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
• Opcode ID: edca2306f087a3ea603fe756b9220373da8a126932c61315608cab0f7420a65f
• Instruction ID: bc4bffc0674103d856deb704b409a1a69b69b7822ecef3a18cd6b1c0c1004589
• Opcode Fuzzy Hash: edca2306f087a3ea603fe756b9220373da8a126932c61315608cab0f7420a65f
• Instruction Fuzzy Hash: AA316F75A01129BBDB209B94DC88EFFBB7CEF56750F000169F949E2240DB349E85DAE0
APIs
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00153D40
• _wcslen.LIBCMT ref: 00153D6D
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00153D9D
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00153DBE
• RemoveDirectoryW.KERNEL32(?), ref: 00153DCE
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00153E55
• CloseHandle.KERNEL32(00000000), ref: 00153E60
• CloseHandle.KERNEL32(00000000), ref: 00153E6B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
• String ID: :$\$\??\%s
• API String ID: 1149970189-3457252023
• Opcode ID: 778e5acbaec7b28b1665cf35e017266990f5d3a989201ba64b23eeff06d00fae
• Instruction ID: 759adbd1dcae8a690bc968b02885272438d795e164dc18892591d00f1cb895f6
• Opcode Fuzzy Hash: 778e5acbaec7b28b1665cf35e017266990f5d3a989201ba64b23eeff06d00fae
• Instruction Fuzzy Hash: 3231B672500109ABDB219BA0DC49FEF37BDEF88741F5040B9F929D6051E77097888B64
APIs
• timeGetTime.WINMM ref: 0014E6B4
  • Part of subcall function 000FE551: timeGetTime.WINMM(?,?,0014E6D4), ref: 000FE555
• Sleep.KERNEL32(0000000A), ref: 0014E6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0014E705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0014E727
• SetActiveWindow.USER32 ref: 0014E746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0014E754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 0014E773
• Sleep.KERNEL32(000000FA), ref: 0014E77E
• IsWindow.USER32 ref: 0014E78A
• EndDialog.USER32(00000000), ref: 0014E79B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
• String ID: BUTTON
• API String ID: 1194449130-3405671355
• Opcode ID: 5c252e7bb304509e1aa0db42f7c3e51e8cbf51d009ef8713a60919debf9ab3c1
• Instruction ID: ac6b80705fb864353a9195b919fa14b4ca8ac46ae012e128eb2645732b8f79e6
• Opcode Fuzzy Hash: 5c252e7bb304509e1aa0db42f7c3e51e8cbf51d009ef8713a60919debf9ab3c1
• Instruction Fuzzy Hash: A821D870600204BFEB005F71ECCAE253BBAF75435AF211528F919C2AB1DB719CC48B94
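The two listings above (the CreateFileW/DeviceIoControl sequence at 00153DBE to 00153E55 and the SendMessageW/Sleep sequence at 0014E754 to 0014E77E) show only raw hex arguments. The decoder below is an added example and is not part of the Joe Sandbox report or of the analysed sample: it parses listing lines in the report's format and names the documented Win32 constants behind them (CreateFileW access, disposition and flags, the DeviceIoControl CTL_CODE fields, SendMessageW message numbers, Sleep durations). The sample input is the page's own lines, embedded as a constructed string. One assumption is labelled in the code: the report lists only the arguments it could resolve, so positions are trusted only when the listed arity matches the Win32 prototype; a call with a short argument list is reported as skipped rather than decoded by guess.

```python
import re

# Constructed input: API-call lines copied from the listings above.
REPORT_LINES = """
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00153DBE
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00153E55
• Sleep.KERNEL32(0000000A), ref: 0014E6E1
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0014E754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 0014E773
• Sleep.KERNEL32(000000FA), ref: 0014E77E
""".strip().splitlines()

# Documented Win32 values (winnt.h, fileapi.h, winioctl.h, winuser.h).
GENERIC = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
               4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
FILE_FLAGS = {0x02000000: "FILE_FLAG_BACKUP_SEMANTICS",
              0x00200000: "FILE_FLAG_OPEN_REPARSE_POINT",
              0x00000080: "FILE_ATTRIBUTE_NORMAL"}
DEVICE_TYPES = {9: "FILE_DEVICE_FILE_SYSTEM"}
METHODS = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
           2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
# FSCTL function numbers defined on FILE_DEVICE_FILE_SYSTEM.
FSCTL_FUNCTIONS = {41: "FSCTL_SET_REPARSE_POINT", 42: "FSCTL_GET_REPARSE_POINT",
                   43: "FSCTL_DELETE_REPARSE_POINT"}
WINDOW_MESSAGES = {0x0010: "WM_CLOSE", 0x00F5: "BM_CLICK", 0x0112: "WM_SYSCOMMAND"}
# Argument count of each Win32 prototype we decode.
ARITY = {"CreateFileW": 7, "DeviceIoControl": 8, "SendMessageW": 4, "Sleep": 1}

CALL_RE = re.compile(r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-F]+)")


def decode_ioctl(code: int) -> dict:
    """Split a CTL_CODE value into DeviceType (bits 16-31), Access (14-15),
    Function (2-13) and Method (0-1)."""
    device, access = code >> 16, (code >> 14) & 0x3
    function, method = (code >> 2) & 0xFFF, code & 0x3
    name = FSCTL_FUNCTIONS.get(function) if device == 9 else None
    return {"device": DEVICE_TYPES.get(device, hex(device)), "access": access,
            "function": function, "method": METHODS[method], "name": name}


def decode_flags(value, table: dict) -> list:
    """Name every known bit set in value; leftover bits are kept in hex."""
    if value is None:
        return ["?"]
    names = [n for bit, n in table.items() if value & bit]
    rest = value & ~sum(table)
    return names + ([hex(rest)] if rest else [])


def parse_call(line: str):
    m = CALL_RE.search(line)
    if not m:
        return None
    args = [a.strip() for a in m["args"].split(",")] if m["args"].strip() else []
    return m["api"], m["ref"], args


def decode_call(api: str, args: list) -> dict:
    """'?' is an argument Joe Sandbox could not resolve. Assumption: the listing
    omits unresolved trailing arguments, so only a full-arity list is decoded."""
    if api not in ARITY:
        return {}
    if len(args) != ARITY[api]:
        return {"skipped": f"{len(args)} of {ARITY[api]} arguments listed"}
    val = lambda i: None if args[i] == "?" else int(args[i], 16)
    if api == "CreateFileW":
        return {"access": decode_flags(val(1), GENERIC),
                "disposition": DISPOSITION.get(val(4)),
                "flags": decode_flags(val(5), FILE_FLAGS)}
    if api == "DeviceIoControl":
        return decode_ioctl(val(1)) if val(1) is not None else {"ioctl": "?"}
    if api == "SendMessageW":
        msg = val(1)
        return {"message": WINDOW_MESSAGES.get(msg, hex(msg) if msg is not None else "?")}
    return {"milliseconds": val(0)}  # Sleep


def decode_listing(lines) -> list:
    """Return (api, ref, decoded) for every call line in the listing."""
    out = []
    for line in lines:
        parsed = parse_call(line)
        if parsed:
            api, ref, args = parsed
            out.append((api, ref, decode_call(api, args)))
    return out


if __name__ == "__main__":
    for api, ref, info in decode_listing(REPORT_LINES):
        print(f"{ref} {api}: {info}")
```

Run against the page's lines, the decoder resolves 000900A4 to FSCTL_SET_REPARSE_POINT (FILE_DEVICE_FILE_SYSTEM, function 41, METHOD_BUFFERED) on a handle opened with GENERIC_WRITE, OPEN_EXISTING and FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT; together with the CreateDirectoryW call and the `\??\%s` string in the Similarity section, that is the documented sequence for attaching a reparse point (junction or symbolic link) to a freshly created directory. In the second function, 000000F5 is BM_CLICK sent to the BUTTON child found by FindWindowExW, and the three-argument SendMessageW line is reported as skipped rather than assumed to carry 00000010 (WM_CLOSE) in the message position.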
APIs
  • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0014EA5D
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0014EA73
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0014EA84
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0014EA96
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0014EAA7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4a8a25fce50c9f2e271f2688449f5d0103be872d1d1fbfc8bcc92b18e004f72c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 7633465f6bda555b098abcdde9f4ca7dfb9c7130febe7b2e32310b97b75a612a
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4a8a25fce50c9f2e271f2688449f5d0103be872d1d1fbfc8bcc92b18e004f72c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F0111C25A902597DD724A7A2DC4ADFB6ABCEBD2B04F540429B811B30E2EFB05A45C5B0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 00145CE2
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 00145CFB
                                                                                                                                                                                                                                                                                                                                                                              • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00145D59
                                                                                                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000002), ref: 00145D69
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 00145D7B
                                                                                                                                                                                                                                                                                                                                                                              • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00145DCF
                                                                                                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E9), ref: 00145DDD
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 00145DEF
                                                                                                                                                                                                                                                                                                                                                                              • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00145E31
                                                                                                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EA), ref: 00145E44
                                                                                                                                                                                                                                                                                                                                                                              • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00145E5A
                                                                                                                                                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 00145E67
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3096461208-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7d4cd804768a8db78ae41eb9a9e279083e9cd81137e5debd7697d9065110b35b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6bbec9b2f6fb03839c81abd3af629e73d8d6e2e8596ccc712b4b6b7d49e73b45
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7d4cd804768a8db78ae41eb9a9e279083e9cd81137e5debd7697d9065110b35b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B510E71A00605AFDB18CFA8DD89AAEBBB6FF48300F548129F519E6691D7709E44CB60
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000F8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,000F8BE8,?,00000000,?,?,?,?,000F8BBA,00000000,?), ref: 000F8FC5
                                                                                                                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(?), ref: 000F8C81
                                                                                                                                                                                                                                                                                                                                                                              • KillTimer.USER32(00000000,?,?,?,?,000F8BBA,00000000,?), ref: 000F8D1B
                                                                                                                                                                                                                                                                                                                                                                              • DestroyAcceleratorTable.USER32(00000000), ref: 00136973
                                                                                                                                                                                                                                                                                                                                                                              • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,000F8BBA,00000000,?), ref: 001369A1
                                                                                                                                                                                                                                                                                                                                                                              • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,000F8BBA,00000000,?), ref: 001369B8
                                                                                                                                                                                                                                                                                                                                                                              • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,000F8BBA,00000000), ref: 001369D4
                                                                                                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 001369E6
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 641708696-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: bddf748b0b4f9041b2cf9b0953fd2266ddaf48d7e68cd17836185db8ee48ea92
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 59c04bca0408b257666d17d04c36aba0c4092a7ddacc017653ed8b4c20322f0a
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bddf748b0b4f9041b2cf9b0953fd2266ddaf48d7e68cd17836185db8ee48ea92
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63617731102608EFDB359F15D958BBAB7F1FB4031AF55862CE2469BD60CB31A9D0EB90
                                                                                                                                                                                                                                                                                                                                                                              APIs
  • Part of subcall function 000F9944: GetWindowLongW.USER32(?,000000EB), ref: 000F9952
• GetSysColor.USER32(0000000F), ref: 000F9862
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: 43cf8f3be109f8bd676efb349d7e9671018f7459ac6f2e11c31a481cf2ad5c5f
• Instruction ID: 587c9307687aaae192913c069c92155bcb6ddb7605fa624bc02a55e10605754e
• Opcode Fuzzy Hash: 43cf8f3be109f8bd676efb349d7e9671018f7459ac6f2e11c31a481cf2ad5c5f
• Instruction Fuzzy Hash: D941C431104648EFDB305F389C88BB93BB5EB46370F544619FAA6875E1CB719D82EB60
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0012F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00149717
• LoadStringW.USER32(00000000,?,0012F7F8,00000001), ref: 00149720
  • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
• GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0012F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00149742
• LoadStringW.USER32(00000000,?,0012F7F8,00000001), ref: 00149745
• MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00149866
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: HandleLoadModuleString$Message_wcslen
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
• API String ID: 747408836-2268648507
• Opcode ID: e43ec6d3f3165314181e949c20982f580ddf1f013b1b3a4530ecd1508544c956
• Instruction ID: 85263a6b1457579d537dbc6ed1642166806fce6d37f3454d8957481a3567f5f7
• Opcode Fuzzy Hash: e43ec6d3f3165314181e949c20982f580ddf1f013b1b3a4530ecd1508544c956
• Instruction Fuzzy Hash: 80413D72900249AACF14FBE1DE86DEEB778AF55340F600125F605720A2EF356F49CB61
APIs
  • Part of subcall function 000E6B57: _wcslen.LIBCMT ref: 000E6B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 001407A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 001407BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 001407DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00140804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0014082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00140837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0014083C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 323675364-22481851
• Opcode ID: 4af08e65d596324135dc5482bda68fc980f9ec5c91ef65635c7d2a99d4ba7bb5
• Instruction ID: e1fdf6191005805c1756c9aff52162f7e6ab966e327f4f288e3addb9385ef8da
• Opcode Fuzzy Hash: 4af08e65d596324135dc5482bda68fc980f9ec5c91ef65635c7d2a99d4ba7bb5
• Instruction Fuzzy Hash: 67411876D10229AFCF15EBA5DC85CEEB778BF48350B544129E905B7162EB30AE44CBA0
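The function above is what a remote ProgID-to-CLSID resolution looks like in a static API trace: a session to the target's IPC$ share (WNetAddConnection2W), a handle to the remote HKEY_LOCAL_MACHINE (RegConnectRegistryW with 80000002), a read of SOFTWARE\Classes\<ProgID>\CLSID with KEY_READ (00020019), and CLSIDFromString to turn the value into a GUID. Joe Sandbox prints every argument as a raw hex constant, so a triager has to decode them by hand. The script below is an added example, not part of the Joe Sandbox report or of the analysed sample: it parses these bullet lines, decodes the handful of constants that matter here (registry root, access mask, CLSCTX and STGM for CoGetInstanceFromFile from the next block, MessageBox flags from the previous one) and flags the remote-lookup call order. The constant tables are a hand-picked subset of the Windows SDK values; the sample blocks are copied from the report lines above and serve as constructed test input.

```python
"""Parse Joe Sandbox 'APIs' bullets and decode the constants that matter in triage.
Added example (not from the report). Constant tables: hand-picked Windows SDK subset."""
import re
from typing import Dict, List, NamedTuple


class ApiCall(NamedTuple):
    api: str
    module: str
    args: List[str]   # raw tokens; '?' means the sandbox could not resolve the value
    ref: int          # address of the call site


# One bullet per call, optionally prefixed "Part of subcall function XXXX:";
# argument-less calls are written "CoUninitialize.OLE32 ref: 00163C94".
_LINE = re.compile(
    r"""^\s*•\s*(?:Part\ of\ subcall\ function\ [0-9A-Fa-f]+:\s*)?
        (?P<api>\w+)\.(?P<module>\w+)
        (?:\((?P<args>.*)\))?,?\s+ref:\s+(?P<ref>[0-9A-Fa-f]+)\s*$""",
    re.VERBOSE,
)


def parse_calls(text: str) -> List[ApiCall]:
    calls = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # headings such as "APIs"/"Strings" are not calls
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("api"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls


HKEY_ROOTS = {0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
              0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS"}
KEY_ACCESS = {0x1: "KEY_QUERY_VALUE", 0x2: "KEY_SET_VALUE", 0x4: "KEY_CREATE_SUB_KEY",
              0x8: "KEY_ENUMERATE_SUB_KEYS", 0x10: "KEY_NOTIFY", 0x20: "KEY_CREATE_LINK",
              0x100: "KEY_WOW64_64KEY", 0x200: "KEY_WOW64_32KEY", 0x20000: "READ_CONTROL"}
CLSCTX = {0x1: "CLSCTX_INPROC_SERVER", 0x2: "CLSCTX_INPROC_HANDLER",
          0x4: "CLSCTX_LOCAL_SERVER", 0x10: "CLSCTX_REMOTE_SERVER"}
STGM = {0x0: "STGM_READ", 0x1: "STGM_WRITE", 0x2: "STGM_READWRITE"}
MB_FLAGS = {0x10: "MB_ICONERROR", 0x1000: "MB_SYSTEMMODAL", 0x10000: "MB_SETFOREGROUND"}


def decode_flags(value: int, table: Dict[int, str]) -> str:
    """Render a bit mask as NAME|NAME, keeping bits the table does not know as hex."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    known = sum(bit for bit in table if value & bit)
    if value & ~known:
        names.append(f"0x{value & ~known:X}")
    return "|".join(names) if names else "0"


# (API name, zero-based argument index in the documented prototype) -> decoder.
DECODERS = {
    ("RegConnectRegistryW", 1): lambda v: HKEY_ROOTS.get(v, f"0x{v:X}"),  # hKey
    ("RegOpenKeyExW", 3): lambda v: "KEY_READ" if v == 0x20019 else decode_flags(v, KEY_ACCESS),
    ("CoGetInstanceFromFile", 3): lambda v: decode_flags(v, CLSCTX),       # dwClsCtx
    ("CoGetInstanceFromFile", 4): lambda v: STGM.get(v, f"0x{v:X}"),       # grfMode
    ("MessageBoxW", 3): lambda v: decode_flags(v, MB_FLAGS),               # uType
}


def decode_call(call: ApiCall) -> Dict[int, str]:
    """Symbolic names for the arguments we have a decoder for; '?' arguments are skipped."""
    out = {}
    for idx, arg in enumerate(call.args):
        dec = DECODERS.get((call.api, idx))
        if dec and re.fullmatch(r"[0-9A-Fa-f]+", arg):
            out[idx] = dec(int(arg, 16))
    return out


# Call order that resolves a ProgID to a CLSID through a remote registry:
# IPC$ session, remote HKLM handle, SOFTWARE\Classes\<ProgID>\CLSID, string -> GUID.
REMOTE_PROGID_LOOKUP = ["WNetAddConnection2W", "RegConnectRegistryW", "RegOpenKeyExW",
                        "RegQueryValueExW", "CLSIDFromString"]


def is_remote_progid_lookup(calls: List[ApiCall]) -> bool:
    """True if the chain appears in order; unrelated calls may sit in between."""
    names, pos = [c.api for c in calls], 0
    for wanted in REMOTE_PROGID_LOOKUP:
        if wanted not in names[pos:]:
            return False
        pos = names.index(wanted, pos) + 1
    return True


# Constructed input: bullets copied from the report's function blocks.
REMOTE_LOOKUP_BLOCK = r"""
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 001407A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 001407BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 001407DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00140804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0014082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00140837
"""
OTHER_CALLS = r"""
• CoUninitialize.OLE32 ref: 00163C94
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00163F0E
• MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00149866
"""

if __name__ == "__main__":
    for label, block in (("remote lookup", REMOTE_LOOKUP_BLOCK), ("other", OTHER_CALLS)):
        calls = parse_calls(block)
        print(f"[{label}] remote ProgID->CLSID lookup: {is_remote_progid_lookup(calls)}")
        for c in calls:
            for idx, sym in decode_call(c).items():
                print(f"  {c.api} arg{idx}={c.args[idx]} -> {sym}")
```

Decoding the CoGetInstanceFromFile arguments shows why the chain matters: 00000015 is CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER, so once the CLSID has been read from the remote registry the object can be activated on that remote host over DCOM. The order check deliberately tolerates interleaved calls (the trace above has _wcslen between them); if you copy it into a real pipeline, also require the \IPC$ string from the function's String ID to avoid matching a purely local ProgID lookup.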
APIs
• VariantInit.OLEAUT32(?), ref: 00163C5C
• CoInitialize.OLE32(00000000), ref: 00163C8A
• CoUninitialize.OLE32 ref: 00163C94
• _wcslen.LIBCMT ref: 00163D2D
• GetRunningObjectTable.OLE32(00000000,?), ref: 00163DB1
• SetErrorMode.KERNEL32(00000001,00000029), ref: 00163ED5
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00163F0E
• CoGetObject.OLE32(?,00000000,0017FB98,?), ref: 00163F2D
• SetErrorMode.KERNEL32(00000000), ref: 00163F40
• SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00163FC4
• VariantClear.OLEAUT32(?), ref: 00163FD8
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 8a6e7f74cd42024b41dc891f5de1d0cca69be96136e45e1118d4cafdfd390280
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 50c747bfbb0f73f6aa57bfadf8d5bca1504fc4d0678e0ce82e52462f81689354
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8a6e7f74cd42024b41dc891f5de1d0cca69be96136e45e1118d4cafdfd390280
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63C145716083019FC700DF68C88496BB7E9FF89744F00495DF99A9B251DB31EE46CBA2
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 00157AF3
                                                                                                                                                                                                                                                                                                                                                                              • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00157B8F
                                                                                                                                                                                                                                                                                                                                                                              • SHGetDesktopFolder.SHELL32(?), ref: 00157BA3
                                                                                                                                                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(0017FD08,00000000,00000001,001A6E6C,?), ref: 00157BEF
                                                                                                                                                                                                                                                                                                                                                                              • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00157C74
                                                                                                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(?,?), ref: 00157CCC
                                                                                                                                                                                                                                                                                                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 00157D57
                                                                                                                                                                                                                                                                                                                                                                              • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00157D7A
                                                                                                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00157D81
                                                                                                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00157DD6
                                                                                                                                                                                                                                                                                                                                                                              • CoUninitialize.OLE32 ref: 00157DDC
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3450ff7ba552258561df903176d26a952bb7a63126368ecd8d3f71be5fff6593
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: ee1bb2b00d5bfe36b11f8539c8929a8633b756c096a627ea25fc1ad4375b32b3
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3450ff7ba552258561df903176d26a952bb7a63126368ecd8d3f71be5fff6593
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8EC12C75A04105EFCB14DFA4D885DAEBBF9FF48305B148499E81AAB262D730ED85CB90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00175504
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00175515
                                                                                                                                                                                                                                                                                                                                                                              • CharNextW.USER32(00000158), ref: 00175544
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00175585
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0017559B
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 001755AC
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$CharNext
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
• API String ID: 1350042424-0
• Opcode ID: 887458edb346fbe69ca30af66a2d66728f9da993b5b9a1ff0e0806916b772cf4
• Instruction ID: 25256d32ea45eb1228981b5e0929bed1910b49e22041077735335209d5320978
• Opcode Fuzzy Hash: 887458edb346fbe69ca30af66a2d66728f9da993b5b9a1ff0e0806916b772cf4
• Instruction Fuzzy Hash: A1617174904609EFDF10DF54CC859FE7BBAEF05764F108149F629A7290D7B49A80DBA0
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0013FAAF
• SafeArrayAllocData.OLEAUT32(?), ref: 0013FB08
• VariantInit.OLEAUT32(?), ref: 0013FB1A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 0013FB3A
• VariantCopy.OLEAUT32(?,?), ref: 0013FB8D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 0013FBA1
• VariantClear.OLEAUT32(?), ref: 0013FBB6
• SafeArrayDestroyData.OLEAUT32(?), ref: 0013FBC3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0013FBCC
• VariantClear.OLEAUT32(?), ref: 0013FBDE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0013FBE9
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: 001c516adc5e3382985edd6d90a5d285f6f15d78b2d02cd5ac6cd85fb6d6d6e9
• Instruction ID: f2e5a3c871a181562859009980c3a5e9744a18ebfa9101e65f71aa68a154c235
• Opcode Fuzzy Hash: 001c516adc5e3382985edd6d90a5d285f6f15d78b2d02cd5ac6cd85fb6d6d6e9
• Instruction Fuzzy Hash: DD415175E00219DFCF00DF64D854DEEBBB9EF18344F108069E91AA7661C730A986CB90
APIs
• GetKeyboardState.USER32(?), ref: 00149CA1
• GetAsyncKeyState.USER32(000000A0), ref: 00149D22
• GetKeyState.USER32(000000A0), ref: 00149D3D
• GetAsyncKeyState.USER32(000000A1), ref: 00149D57
• GetKeyState.USER32(000000A1), ref: 00149D6C
• GetAsyncKeyState.USER32(00000011), ref: 00149D84
• GetKeyState.USER32(00000011), ref: 00149D96
• GetAsyncKeyState.USER32(00000012), ref: 00149DAE
• GetKeyState.USER32(00000012), ref: 00149DC0
• GetAsyncKeyState.USER32(0000005B), ref: 00149DD8
• GetKeyState.USER32(0000005B), ref: 00149DEA
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: 44ea1a35add1699595fbced898ab0a396c0e82bfb1b0fc0005d020daf792ceee
• Instruction ID: 57a5fe405631055aa80734089d953689536ea5a7e47643f3005b6b4852142a33
• Opcode Fuzzy Hash: 44ea1a35add1699595fbced898ab0a396c0e82bfb1b0fc0005d020daf792ceee
• Instruction Fuzzy Hash: A341D874A047CA6DFF319BA088447B7BEB06F11344F04805EDAC65A6D2DBA599C8C7A2
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 001605BC
• inet_addr.WSOCK32(?), ref: 0016061C
• gethostbyname.WSOCK32(?), ref: 00160628
• IcmpCreateFile.IPHLPAPI ref: 00160636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 001606C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 001606E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 001607B9
• WSACleanup.WSOCK32 ref: 001607BF
Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Ping
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: c119f5a0b8002a671342bda5d4648de3d2657e5aeaccf49a4eed2ea5267c695b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2a740d87f718d867428e94754cfd88e57321a281d272bebed5d5df998ae7146e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c119f5a0b8002a671342bda5d4648de3d2657e5aeaccf49a4eed2ea5267c695b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 36919F356042419FD321CF15D889F1BBBE0AF48318F1585A9F4AA9BAA2C730FD95CF91
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                                                                                                              • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3f148194d343d2949d250962b2ddb7fcccf8f4e9f4aaeaa40798c731177f59db
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2a76149a24d18362151f7dc444df3beade93db942fd7832f3405f6622b5eeeb5
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f148194d343d2949d250962b2ddb7fcccf8f4e9f4aaeaa40798c731177f59db
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1A51B172A001169BCF24DFACCD509BEB3A5BF65324B614329E966E72C1DB31DE50C7A0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CoInitialize.OLE32 ref: 00163774
                                                                                                                                                                                                                                                                                                                                                                              • CoUninitialize.OLE32 ref: 0016377F
                                                                                                                                                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(?,00000000,00000017,0017FB78,?), ref: 001637D9
                                                                                                                                                                                                                                                                                                                                                                              • IIDFromString.OLE32(?,?), ref: 0016384C
                                                                                                                                                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 001638E4
                                                                                                                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00163936
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: da9c00bd25fbd369f15dfdb28b2d3b00a3659ef7ae1a2996e327021eaaa071be
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b51004be3750e77d6354a158f71cdaf642a57c0310c94bf88d52688a2c313b0f
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: da9c00bd25fbd369f15dfdb28b2d3b00a3659ef7ae1a2996e327021eaaa071be
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8861A071608301AFD311DF54CC89BAABBE8EF49714F10490DF9A59B291D770EE98CB92
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetLocalTime.KERNEL32(?), ref: 00158257
                                                                                                                                                                                                                                                                                                                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00158267
                                                                                                                                                                                                                                                                                                                                                                              • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00158273
                                                                                                                                                                                                                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00158310
                                                                                                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00158324
                                                                                                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00158356
                                                                                                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0015838C
                                                                                                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00158395
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: bb11ec864318d9140f6b46a15b19b844a0a7aa45e71f77bf6b9d616b15e86e5a
• Instruction ID: 9cf338869dcd9352c98bb68aa42cf9a3c381ea2ee2615c1e9b1fcff45c336c49
• Opcode Fuzzy Hash: bb11ec864318d9140f6b46a15b19b844a0a7aa45e71f77bf6b9d616b15e86e5a
• Instruction Fuzzy Hash: E3616B725047459FC710EF60C8419AFB3E8FF89315F04892EF9A9A7251DB31E949CB92
APIs
• LoadStringW.USER32(00000066,?,00000FFF,?), ref: 001533CF
  • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 001533F0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-3080491070
• Opcode ID: df6f171a40e085b5dfb30d5a9017f032d1c8a34fcb64bc21ede00ed3547b5337
• Instruction ID: 099d189cb2abb098cf03a74b2236ac7752eb6f639d16602904fa862e41f3675c
• Opcode Fuzzy Hash: df6f171a40e085b5dfb30d5a9017f032d1c8a34fcb64bc21ede00ed3547b5337
• Instruction Fuzzy Hash: 49519D32900249BEDF19EBA1CD46EEEB7B8AF14340F644165F515730A2EB312F98DB60
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: APPEND$EXISTS$KEYS$REMOVE
• API String ID: 1256254125-769500911
• Opcode ID: 2140d0eae22ef27bdab97d5c31a6fa42fc2b45f435e33a3eb82811b914f7dca5
• Instruction ID: 71d3275c610428bc02b6733bb431509f8116822e0414cf6ecbd39a0384af0575
• Opcode Fuzzy Hash: 2140d0eae22ef27bdab97d5c31a6fa42fc2b45f435e33a3eb82811b914f7dca5
• Instruction Fuzzy Hash: 16413932A090278BCB209F7DC9D05BE77B5AFA5754B264129E821D72A4E731CD81C790
APIs
• SetErrorMode.KERNEL32(00000001), ref: 001553A0
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00155416
• GetLastError.KERNEL32 ref: 00155420
• SetErrorMode.KERNEL32(00000000,READY), ref: 001554A7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
• Opcode ID: bfc9dc8271a32f9771690314e2a8d0921fe0269e826cc74e2168c64a1a8acd67
• Instruction ID: 96817264a2cc83cd062b2d99ff7a7f6ca526302c7b0a0f8550621da089f52393
• Opcode Fuzzy Hash: bfc9dc8271a32f9771690314e2a8d0921fe0269e826cc74e2168c64a1a8acd67
• Instruction Fuzzy Hash: 7A31E335A00604DFC710DF68C494AAABBB5EF05306F188069E815DF292E730DD8ACBA0
APIs
• CreateMenu.USER32 ref: 00173C79
• SetMenu.USER32(?,00000000), ref: 00173C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00173D10
• IsMenu.USER32(?), ref: 00173D24
• CreatePopupMenu.USER32 ref: 00173D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00173D5B
• DrawMenuBar.USER32 ref: 00173D63
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                                              • String ID: 0$F
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0e31ce0faff646725eae98695555b65a09693f621bd6836d9f99da0b84ef9d38
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0a90193dcfa9218251a76510c49e590e5b5cc6b8e6e449eaea39f99eee40e397
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0e31ce0faff646725eae98695555b65a09693f621bd6836d9f99da0b84ef9d38
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 01419878A01209EFDB24CFA4D884AEA7BB5FF49310F14402DF95AA7360D771AA50DF90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00143CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00143CCA
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00141F64
                                                                                                                                                                                                                                                                                                                                                                              • GetDlgCtrlID.USER32 ref: 00141F6F
                                                                                                                                                                                                                                                                                                                                                                              • GetParent.USER32 ref: 00141F8B
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 00141F8E
                                                                                                                                                                                                                                                                                                                                                                              • GetDlgCtrlID.USER32(?), ref: 00141F97
                                                                                                                                                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 00141FAB
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 00141FAE
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 711023334-1403004172
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5784c31336bee15965240334ac9ebed5ab3018172fbe7b03b34753c6f6b0f5a7
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 04cca266de1ce7c63c99ac4ff4b9840f3dc3a559c273b021a47b091b97f3f0bf
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5784c31336bee15965240334ac9ebed5ab3018172fbe7b03b34753c6f6b0f5a7
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2F21D474940214BFCF04AFA0CC85EEEBBB9EF15350F500119F965672A2DB355989DBA0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00173A9D
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00173AA0
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00173AC7
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00173AEA
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00173B62
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00173BAC
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00173BC7
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00173BE2
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00173BF6
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00173C13
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: ff0da41232f451f42485747ccc8c57e40bce25e842332fe7e89d748e00160a13
• Instruction ID: b89826e5624f4f9e6b77cb745b56b1d7b565072ecb32628c6625e860798e3cd7
• Opcode Fuzzy Hash: ff0da41232f451f42485747ccc8c57e40bce25e842332fe7e89d748e00160a13
• Instruction Fuzzy Hash: A7616D75900248AFDB11DF68CC81EEE77F8EB09704F10419AFA19A7291D770AE85DF50
APIs
• _free.LIBCMT ref: 00112C94
  • Part of subcall function 001129C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0011D7D1,00000000,00000000,00000000,00000000,?,0011D7F8,00000000,00000007,00000000,?,0011DBF5,00000000), ref: 001129DE
  • Part of subcall function 001129C8: GetLastError.KERNEL32(00000000,?,0011D7D1,00000000,00000000,00000000,00000000,?,0011D7F8,00000000,00000007,00000000,?,0011DBF5,00000000,00000000), ref: 001129F0
• _free.LIBCMT ref: 00112CA0
• _free.LIBCMT ref: 00112CAB
• _free.LIBCMT ref: 00112CB6
• _free.LIBCMT ref: 00112CC1
• _free.LIBCMT ref: 00112CCC
• _free.LIBCMT ref: 00112CD7
• _free.LIBCMT ref: 00112CE2
• _free.LIBCMT ref: 00112CED
• _free.LIBCMT ref: 00112CFB
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 214ec15df1dc351e7f4d85b72b5a5c7f2c6e5fb92b2d39787ca943bf43509b50
• Instruction ID: a122f5a1d26bdf9db5350b0c1caefe273a4ac53dd856cb42b2876aa68447b68f
• Opcode Fuzzy Hash: 214ec15df1dc351e7f4d85b72b5a5c7f2c6e5fb92b2d39787ca943bf43509b50
• Instruction Fuzzy Hash: 1C119676100118AFCB0AEF58D942CDD3BA5FF15364F4144A5FA485F222D731EAA09B90
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00157FAD
• SetCurrentDirectoryW.KERNEL32(?), ref: 00157FC1
• GetFileAttributesW.KERNEL32(?), ref: 00157FEB
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00158005
• SetCurrentDirectoryW.KERNEL32(?), ref: 00158017
• SetCurrentDirectoryW.KERNEL32(?), ref: 00158060
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 001580B0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
• Opcode ID: 5fdbdb5da2f105877c1c5c36fcb06d40178ad949d69a5f165ed0555a8df9c344
• Instruction ID: 9323abf093f741948b22404b9ca83b50401e84dd3695629d5125cf57dfc6699e
• Opcode Fuzzy Hash: 5fdbdb5da2f105877c1c5c36fcb06d40178ad949d69a5f165ed0555a8df9c344
• Instruction Fuzzy Hash: 5581AE72508341DFCB24EE14D8429AAB3E8EB84311F144C6EFCA9DB291DB34DD498B92
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 000E5C7A
  • Part of subcall function 000E5D0A: GetClientRect.USER32(?,?), ref: 000E5D30
  • Part of subcall function 000E5D0A: GetWindowRect.USER32(?,?), ref: 000E5D71
  • Part of subcall function 000E5D0A: ScreenToClient.USER32(?,?), ref: 000E5D99
• GetDC.USER32 ref: 001246F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00124708
• SelectObject.GDI32(00000000,00000000), ref: 00124716
• SelectObject.GDI32(00000000,00000000), ref: 0012472B
• ReleaseDC.USER32(?,00000000), ref: 00124733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 001247C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
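The function-analysis entries above (an "APIs" list of call sites with their module, captured arguments and "ref:" address, optional "Part of subcall function" lines, and a "Similarity" block carrying the API ID, String ID and Opcode ID) are easier to triage in bulk than by scrolling. The following Python is an added example, not Joe Sandbox code and not part of this report: it parses that record format into per-function objects and runs a small set of API-combination rules over them. The sample text embedded in the block is a constructed, cut-down copy of three entries from this section (subcall argument lists shortened, one entry deliberately left without a Similarity block); the rule names and the notion of matching on directly called APIs plus a String ID substring are my own assumptions, not the report's.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample input: a cut-down copy of three function-analysis entries
# from this report section, bullet glyphs kept. Subcall argument lists are
# shortened and the third entry's Similarity block is omitted on purpose so
# the parser is exercised on an entry that has no Opcode ID.
SAMPLE_REPORT = """\
APIs
• _free.LIBCMT ref: 00112C94
  • Part of subcall function 001129C8: RtlFreeHeap.NTDLL(00000000,00000000), ref: 001129DE
  • Part of subcall function 001129C8: GetLastError.KERNEL32(00000000), ref: 001129F0
• _free.LIBCMT ref: 00112CA0
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 214ec15df1dc351e7f4d85b72b5a5c7f2c6e5fb92b2d39787ca943bf43509b50
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00157FAD
• SetCurrentDirectoryW.KERNEL32(?), ref: 00157FC1
• GetFileAttributesW.KERNEL32(?), ref: 00157FEB
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00158005
• SetCurrentDirectoryW.KERNEL32(?), ref: 00158017
Strings
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
• Opcode ID: 5fdbdb5da2f105877c1c5c36fcb06d40178ad949d69a5f165ed0555a8df9c344
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 000E5C7A
• GetDC.USER32 ref: 001246F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00124708
• ReleaseDC.USER32(?,00000000), ref: 00124733
"""

# One call-site line: optional subcall prefix, Name.MODULE, optional (args), ref: ADDR
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<parent>[0-9A-F]+): )?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]+)$"
)
# One "Key: value" metadata line (API ID, String ID, Opcode ID, Source File, ...)
META_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*?): ?(?P<value>.*)$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: tuple[str, ...]          # captured arguments, "?" where unknown
    ref: int                       # call-site address inside the dump
    subcall_of: int | None = None  # callee address when the call is one level down


@dataclass
class FunctionEntry:
    calls: list[ApiCall] = field(default_factory=list)
    meta: dict[str, str] = field(default_factory=dict)

    def direct_apis(self) -> set[str]:
        return {c.name for c in self.calls if c.subcall_of is None}

    def all_apis(self) -> set[str]:
        return {c.name for c in self.calls}

    @property
    def string_id(self) -> str:
        return self.meta.get("String ID", "")


def parse_report(text: str) -> list[FunctionEntry]:
    """Split the report text into one FunctionEntry per 'APIs' block."""
    entries: list[FunctionEntry] = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("• ").strip()   # drop bullets and indentation
        if not line:
            continue
        if line == "APIs":                         # header that opens a new entry
            entries.append(FunctionEntry())
            continue
        if not entries:                            # anything before the first entry
            continue
        m = API_RE.match(line)
        if m:
            args = tuple(m["args"].split(",")) if m["args"] else ()
            parent = int(m["parent"], 16) if m["parent"] else None
            entries[-1].calls.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16), parent))
            continue
        m = META_RE.match(line)
        if m:
            entries[-1].meta[m["key"]] = m["value"]
    return entries


# Constructed triage rules (assumption, not the report's): a rule fires when the
# entry directly calls every listed API and, if given, its String ID contains the needle.
RULES = [
    ("dir-walk-rewrites-attributes",
     {"GetCurrentDirectoryW", "SetCurrentDirectoryW", "SetFileAttributesW"}, "*.*"),
    ("gui-subclass", {"SetWindowLongW", "SendMessageW"}, None),
]


def flag_entries(entries: list[FunctionEntry]) -> dict[str, list[str]]:
    """Map rule name -> labels of matching entries (Opcode ID, or first call site if absent)."""
    hits: dict[str, list[str]] = {}
    for e in entries:
        label = e.meta.get("Opcode ID") or (f"@{e.calls[0].ref:08X}" if e.calls else "?")
        for name, apis, needle in RULES:
            if apis <= e.direct_apis() and (needle is None or needle in e.string_id):
                hits.setdefault(name, []).append(label)
    return hits


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for e in parsed:
        print(e.meta.get("Opcode ID", "(no Opcode ID)")[:16], sorted(e.direct_apis()), repr(e.string_id))
    print(flag_entries(parsed))
```

Feed it the full report text instead of the sample to get every function keyed by Opcode ID; the Opcode ID is the stable handle for comparing functions across samples, which is why the rule output is labelled with it and falls back to the first call-site address only when an entry has no Similarity block.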
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                                                                                                                              • String ID: U
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2bc99f4d2ba29f18614b668210c2fca67c80ee8881ad40927c15ab16432b7e3e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c188ca13fcfe638c9f7f1207152a2a8592b44f948609980f164811845eca0e13
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2bc99f4d2ba29f18614b668210c2fca67c80ee8881ad40927c15ab16432b7e3e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE711F30500205EFCF25CF64DD84AFA3BB2FF4A325F244269ED656A2A6C33188A1DF50
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 001535E4
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
                                                                                                                                                                                                                                                                                                                                                                              • LoadStringW.USER32(001B2390,?,00000FFF,?), ref: 0015360A
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4099089115-2391861430
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3715d1965b5784607dd2a1f9cceec43aaa7d4b415adfee82a395785ad57ec345
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 113eab01453c3fe8287584dc9d335687d71127317f23ca4f62f0967a4c8939b8
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3715d1965b5784607dd2a1f9cceec43aaa7d4b415adfee82a395785ad57ec345
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FB51697180024ABEDF15EBA1DC42EEEBB78AF14341F544129F515731A2EB312B99DBA0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000F9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 000F9BB2
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000F912D: GetCursorPos.USER32(?), ref: 000F9141
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000F912D: ScreenToClient.USER32(00000000,?), ref: 000F915E
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000F912D: GetAsyncKeyState.USER32(00000001), ref: 000F9183
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000F912D: GetAsyncKeyState.USER32(00000002), ref: 000F919D
                                                                                                                                                                                                                                                                                                                                                                              • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00178B6B
                                                                                                                                                                                                                                                                                                                                                                              • ImageList_EndDrag.COMCTL32 ref: 00178B71
                                                                                                                                                                                                                                                                                                                                                                              • ReleaseCapture.USER32 ref: 00178B77
                                                                                                                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(?,00000000), ref: 00178C12
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00178C25
                                                                                                                                                                                                                                                                                                                                                                              • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00178CFF
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                                                                                                                                                                              • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1924731296-2107944366
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f07a92951659901f8df34fade1c4294c1e8aa4f1d9a877c7b3baa0a2d5809ca3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4b23637d88f305d309d3d13abc99779fd167e4805745caf34b2662a65a6e594e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f07a92951659901f8df34fade1c4294c1e8aa4f1d9a877c7b3baa0a2d5809ca3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 23518D71104244AFD704DF14CD9AFAA77F4FB88714F400A2DF95AA72E2DB719944CBA2
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0015C272
                                                                                                                                                                                                                                                                                                                                                                              • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0015C29A
                                                                                                                                                                                                                                                                                                                                                                              • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0015C2CA
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0015C322
• SetEvent.KERNEL32(?), ref: 0015C336
• InternetCloseHandle.WININET(00000000), ref: 0015C341
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
• Opcode ID: 35041a059850022669e4d28a699767fa123400ed981791b726ff1a950f74c512
• Instruction ID: 611f02c3ba91b3762d7d06cfcdbcf8affd604d2c487a127202c8ee7a9bb8d3c5
• Opcode Fuzzy Hash: 35041a059850022669e4d28a699767fa123400ed981791b726ff1a950f74c512
• Instruction Fuzzy Hash: 39316F71500308EFD7619F64CC88AAB7AFCFB59745F10851DF8569A611DB30DD889BA0
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00123AAF,?,?,Bad directive syntax error,0017CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 001498BC
• LoadStringW.USER32(00000000,?,00123AAF,?), ref: 001498C3
  • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00149987
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
• Opcode ID: c9cfd631e9fbb5bfc0f56ae1a09082c61d76516ef443409a740d089ef9888330
• Instruction ID: 249d1469ef42eb0a52bef50b424dc1e992fed716026dd2f1e56bf246468061c3
• Opcode Fuzzy Hash: c9cfd631e9fbb5bfc0f56ae1a09082c61d76516ef443409a740d089ef9888330
• Instruction Fuzzy Hash: C4216D3190025AAFCF15AFA0CC0AEEE7B75FF19304F044469F519760A2EB719A58DB61
APIs
• GetParent.USER32 ref: 001420AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 001420C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0014214D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
• Opcode ID: b7066b5d74062de8d60a8b50837ca36260ed2871b80bfe138832c25b069dc630
• Instruction ID: cd3045fc8ee5feea20d5a9fa623a65d88bc2c3b26767485470894781c520a6e1
• Opcode Fuzzy Hash: b7066b5d74062de8d60a8b50837ca36260ed2871b80bfe138832c25b069dc630
• Instruction Fuzzy Hash: 4A1106BA6C8706FAF7052224DC06DE7379DCB15B25B61002AFB05A50F2EBB568C15664
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7fcfafd4a8cc19b437b2b7055bbc65c22fbb3ae506858dcb0c7ae8765cdef44e
• Instruction ID: 421d62302a6595d244dbc35d20dd4b86a8237355523a3bbd336e1818a9a5d62d
• Opcode Fuzzy Hash: 7fcfafd4a8cc19b437b2b7055bbc65c22fbb3ae506858dcb0c7ae8765cdef44e
• Instruction Fuzzy Hash: 6FC1F374A04249AFDB29DFA8C851BEDBBB4BF1D310F0441A9F464A7392C77099C2CB61
APIs
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f7040499b566474b49dc90314a41cb38e3169f8ea85b2af4a0b5d261566b77e5
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: bd2f661946df5bc50a992f3335fc1d8b5a4889b9e673efeb71e2cfb12aba3371
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f7040499b566474b49dc90314a41cb38e3169f8ea85b2af4a0b5d261566b77e5
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A613471A44316AFDB2DAFF4A881AEA7BA5AF19320F04427DF94497281D7319DC2C7D0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00175186
                                                                                                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 001751C7
                                                                                                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000005,?,00000000), ref: 001751CD
                                                                                                                                                                                                                                                                                                                                                                              • SetFocus.USER32(?,?,00000005,?,00000000), ref: 001751D1
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00176FBA: DeleteObject.GDI32(00000000), ref: 00176FE6
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0017520D
                                                                                                                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0017521A
                                                                                                                                                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0017524D
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00175287
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00175296
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3210457359-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 51dac8acc236791c31b32be27f95d816168fcf1606e1de9c28899dff83c122af
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c71be65d28d02788f214b7c37d6b9e5d1d8f6cdf4118b3c982be7d9ecdc21583
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 51dac8acc236791c31b32be27f95d816168fcf1606e1de9c28899dff83c122af
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA518230A44A08FEEF249F24CC45BD93B77EB05366F64C115F61D962E2C7B5A990DB40
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00136890
                                                                                                                                                                                                                                                                                                                                                                              • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 001368A9
                                                                                                                                                                                                                                                                                                                                                                              • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 001368B9
                                                                                                                                                                                                                                                                                                                                                                              • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 001368D1
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 001368F2
                                                                                                                                                                                                                                                                                                                                                                              • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,000F8874,00000000,00000000,00000000,000000FF,00000000), ref: 00136901
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0013691E
                                                                                                                                                                                                                                                                                                                                                                              • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,000F8874,00000000,00000000,00000000,000000FF,00000000), ref: 0013692D
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
• Opcode ID: 7420f0d4751c4871478db9cb27eacd1367dc559f5c1c52ee1cfe9d1449d02358
• Instruction ID: 3fa20ef07c2f612d3ac01906f0df05848910b750cf7c2beb4469bdc6c1bd94ff
• Opcode Fuzzy Hash: 7420f0d4751c4871478db9cb27eacd1367dc559f5c1c52ee1cfe9d1449d02358
• Instruction Fuzzy Hash: 80516770600209FFDB20CF25CC95BAA7BB5FB58754F108518FA1696AA0DB71E990EB50
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0015C182
• GetLastError.KERNEL32 ref: 0015C195
• SetEvent.KERNEL32(?), ref: 0015C1A9
  • Part of subcall function 0015C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0015C272
  • Part of subcall function 0015C253: GetLastError.KERNEL32 ref: 0015C322
  • Part of subcall function 0015C253: SetEvent.KERNEL32(?), ref: 0015C336
  • Part of subcall function 0015C253: InternetCloseHandle.WININET(00000000), ref: 0015C341
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
• Opcode ID: e16812dc3997cfbd3e4979d909960a05d388707deb9f86c7209f0f29110abdeb
• Instruction ID: ec3c1dd5877d47d3db4f2507519ab6594e6850bb0029bf74039f4c53dfba58d3
• Opcode Fuzzy Hash: e16812dc3997cfbd3e4979d909960a05d388707deb9f86c7209f0f29110abdeb
• Instruction Fuzzy Hash: 26318E71200701EFDB259FA5DC44A66BBF9FF18302F04441DF96A8A611DB30E898DBE0
APIs
  • Part of subcall function 00143A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00143A57
  • Part of subcall function 00143A3D: GetCurrentThreadId.KERNEL32 ref: 00143A5E
  • Part of subcall function 00143A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,001425B3), ref: 00143A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 001425BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 001425DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 001425DF
• MapVirtualKeyW.USER32(00000025,00000000), ref: 001425E9
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00142601
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00142605
• MapVirtualKeyW.USER32(00000025,00000000), ref: 0014260F
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00142623
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00142627
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
• Opcode ID: b30c1b312cdd18b3f3a93c2bb93bafc660deac2951ec00cfd004a95ec318bf9a
• Instruction ID: 4d15a0693f8419b4ea366f3bc41975e8697d65ebcc62edf31c3b2f07e048a209
• Opcode Fuzzy Hash: b30c1b312cdd18b3f3a93c2bb93bafc660deac2951ec00cfd004a95ec318bf9a
• Instruction Fuzzy Hash: 3201B530390210BBFB1067689C8AF993E69DB5AB11F510015F318AF1E1C9F114C4CAA9
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00141449,?,?,00000000), ref: 0014180C
• HeapAlloc.KERNEL32(00000000,?,00141449,?,?,00000000), ref: 00141813
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00141449,?,?,00000000), ref: 00141828
• GetCurrentProcess.KERNEL32(?,00000000,?,00141449,?,?,00000000), ref: 00141830
• DuplicateHandle.KERNEL32(00000000,?,00141449,?,?,00000000), ref: 00141833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00141449,?,?,00000000), ref: 00141843
• GetCurrentProcess.KERNEL32(00141449,00000000,?,00141449,?,?,00000000), ref: 0014184B
• DuplicateHandle.KERNEL32(00000000,?,00141449,?,?,00000000), ref: 0014184E
• CreateThread.KERNEL32(00000000,00000000,00141874,00000000,00000000,00000000), ref: 00141868
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 9bfc3dcaf8809ba35f30b2d346166445e591a5fd0903bf84f81e9375b326dab6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: bb9a1cbfbd08781eea2bcc1d443e5e98a381a07000c3bcb836491b835ac6e89a
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9bfc3dcaf8809ba35f30b2d346166445e591a5fd0903bf84f81e9375b326dab6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5101BBB5240308FFE710ABA5DC4DF6B3BACEB89B11F404425FA09DB5A1CA709880CB60
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0014D501
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0014D50F
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014D4DC: CloseHandle.KERNEL32(00000000), ref: 0014D5DC
                                                                                                                                                                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0016A16D
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0016A180
                                                                                                                                                                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0016A1B3
                                                                                                                                                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,00000000), ref: 0016A268
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000), ref: 0016A273
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0016A2C4
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                                                                                              • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d2f9b8d451569cecec9f78ff8cd0b2a3495ab9b67ae6d2d1f6ce70cc816697ab
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 14d154d17fbd2d8f32e6523023519698e58f1c3631c7f0a62e597b07d60bc6c4
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d2f9b8d451569cecec9f78ff8cd0b2a3495ab9b67ae6d2d1f6ce70cc816697ab
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4161C2312042419FE720DF19C894F16BBE1AF54318F58849CE46A5BBA3C772ED85CF92
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00173925
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0017393A
                                                                                                                                                                                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00173954
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00173999
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001057,00000000,?), ref: 001739C6
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001061,?,0000000F), ref: 001739F4
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: SysListView32
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5224e9b8f1197843c94a6e2fac46dc83d3a8b2ec34507b80831550ddaeb2a9e7
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b394b04dc56e02ba4db344287bb2f2232ed2fde18e5c3f079058d06e2ededf82
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5224e9b8f1197843c94a6e2fac46dc83d3a8b2ec34507b80831550ddaeb2a9e7
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A2419371A00219ABDB219F64CC49BEA77B9FF18354F10452AF968E7281D7719A80DB90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0014BCFD
                                                                                                                                                                                                                                                                                                                                                                              • IsMenu.USER32(00000000), ref: 0014BD1D
                                                                                                                                                                                                                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 0014BD53
                                                                                                                                                                                                                                                                                                                                                                              • GetMenuItemCount.USER32(0113C940), ref: 0014BDA4
                                                                                                                                                                                                                                                                                                                                                                              • InsertMenuItemW.USER32(0113C940,?,00000001,00000030), ref: 0014BDCC
                                                                                                                                                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 0014C913
Strings
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
APIs
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0013682C,00000004,00000000,00000000), ref: 000FF953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0013682C,00000004,00000000,00000000), ref: 0013F3D1
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0013682C,00000004,00000000,00000000), ref: 0013F454
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
APIs
• DeleteObject.GDI32(00000000), ref: 00172D1B
• GetDC.USER32(00000000), ref: 00172D23
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00172D2E
• ReleaseDC.USER32(00000000,00000000), ref: 00172D3A
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00172D76
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00172D87
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00175A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00172DC2
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00172DE1
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d752d12c252db2fb6524908211d332cfe642609495c613c0a437406cb0ccf55b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2a32ef636091e4cc856bda47a7220f55e29d930bb3192e343e85bdc68c1e832d
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d752d12c252db2fb6524908211d332cfe642609495c613c0a437406cb0ccf55b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2B317C76201214BFEB218F50CC8AFEB3BB9EF09715F044059FE0C9A291D6759C91CBA4
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 13da52b0c733f3de740847e872ee16c136076052bf81b9295414bbf1a64c8025
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f2f6f19e688c693993b2a7fcd5e7dfed90b30b72452e8eb84f432bbbe49b2341
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 13da52b0c733f3de740847e872ee16c136076052bf81b9295414bbf1a64c8025
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5F21C271A40A097BD31956208E82FFB336FBF21394F554034FD089A692F764ED1285A5
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7b6de256607535f185cfce484fa8665361f0f1565ea2581ce9e75d6cd1ef8a36
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9f7fe8d2eb3cb78d9895b9c8481885f58aadcf82f53802467d5bf6925312e894
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7b6de256607535f185cfce484fa8665361f0f1565ea2581ce9e75d6cd1ef8a36
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 74D1D275A0060AAFDF14CFA8CC81BAEB7B6FF48344F148069E915AB281E770DD55CB90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,001217FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 001215CE
                                                                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,001217FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00121651
                                                                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,001217FB,?,001217FB,00000000,00000000,?,00000000,?,?,?,?), ref: 001216E4
                                                                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,001217FB,00000000,00000000,?,00000000,?,?,?,?), ref: 001216FB
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00113820: RtlAllocateHeap.NTDLL(00000000,?,001B1444,?,000FFDF5,?,?,000EA976,00000010,001B1440,000E13FC,?,000E13C6,?,000E1129), ref: 00113852
                                                                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,001217FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00121777
                                                                                                                                                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 001217A2
                                                                                                                                                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 001217AE
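The two "APIs" lists above (the GDI32/USER32 font-setting routine and the GetCPInfo/MultiByteToWideChar conversion routine) leave window-message numbers, GetDeviceCaps indices and conversion flags as raw hex, which makes it easy to misread what a function does. The parser below is an added example, not part of the Joe Sandbox report or of the analysed sample: it turns these "APIs" lines into records and names the constants that can be identified with certainty (0x30 is WM_SETFONT, 0x142 is CB_SETEDITSEL, GetDeviceCaps index 0x5A is LOGPIXELSY, MultiByteToWideChar flags 0x9 are MB_PRECOMPOSED|MB_ERR_INVALID_CHARS). The sample input is copied from the lists on this page; the line-format regex is an assumption based on those lines and may need widening for other report layouts.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: API lines copied from the report's "APIs" lists above.
SAMPLE_API_LINES = """\
• GetDC.USER32(00000000), ref: 00172D23
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00172D2E
• ReleaseDC.USER32(00000000,00000000), ref: 00172D3A
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00172D87
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00172DE1
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,001217FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00121651
  • Part of subcall function 00113820: RtlAllocateHeap.NTDLL(00000000,?,001B1444,?,000FFDF5,?,?,000EA976,00000010,001B1440,000E13FC,?,000E13C6,?,000E1129), ref: 00113852
• __freea.LIBCMT ref: 001217A2
"""

# Assumed line shape: "• [Part of subcall function HEX: ]Api.MODULE(args), ref: HEX"
# Args are hex words or "?" (unknown); the parentheses are absent for CRT helpers.
_LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    ref: int                                   # address of the call site
    args: List[Optional[int]] = field(default_factory=list)  # None = "?"
    subcall_of: Optional[int] = None           # address of the intermediate function


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Parse one report line; return None for lines that are not API entries."""
    m = _LINE_RE.match(line)
    if not m:
        return None
    args: List[Optional[int]] = []
    if m.group("args"):
        for tok in m.group("args").split(","):
            tok = tok.strip()
            args.append(None if tok == "?" else int(tok, 16))
    sub = m.group("sub")
    return ApiCall(api=m.group("api"), module=m.group("module"),
                   ref=int(m.group("ref"), 16), args=args,
                   subcall_of=int(sub, 16) if sub else None)


def parse_api_lines(text: str) -> List[ApiCall]:
    return [c for c in (parse_api_line(l) for l in text.splitlines()) if c]


# Win32 constants the report shows only as hex (values from the Windows SDK headers).
WINDOW_MESSAGES: Dict[int, str] = {0x0030: "WM_SETFONT", 0x0142: "CB_SETEDITSEL"}
DEVICE_CAPS: Dict[int, str] = {88: "LOGPIXELSX", 90: "LOGPIXELSY"}
CODE_PAGES: Dict[int, str] = {0: "CP_ACP", 1: "CP_OEMCP", 65001: "CP_UTF8"}
MB_FLAGS: Dict[int, str] = {0x1: "MB_PRECOMPOSED", 0x2: "MB_COMPOSITE",
                            0x4: "MB_USEGLYPHCHARS", 0x8: "MB_ERR_INVALID_CHARS"}


def _flags(value: int, table: Dict[int, str]) -> str:
    names = [name for bit, name in table.items() if value & bit]
    rest = value & ~sum(table)          # bits not covered by the table stay as hex
    if rest:
        names.append(hex(rest))
    return "|".join(names) or "0"


def describe(call: ApiCall) -> str:
    """Render a call as 'ref MODULE!Api [decoded constants]'."""
    a, notes = call.args, []
    if call.api == "SendMessageW" and len(a) > 1 and a[1] is not None:
        notes.append(WINDOW_MESSAGES.get(a[1], f"msg 0x{a[1]:04X}"))
    elif call.api == "GetDeviceCaps" and len(a) > 1 and a[1] is not None:
        notes.append(DEVICE_CAPS.get(a[1], f"index {a[1]}"))
    elif call.api == "MultiByteToWideChar" and len(a) > 1:
        if a[0] is not None:
            notes.append(CODE_PAGES.get(a[0], f"cp {a[0]}"))
        if a[1] is not None:
            notes.append(_flags(a[1], MB_FLAGS))
    tail = f" [{', '.join(notes)}]" if notes else ""
    return f"{call.ref:08X} {call.module}!{call.api}{tail}"


if __name__ == "__main__":
    for call in parse_api_lines(SAMPLE_API_LINES):
        print(describe(call))
```

Read this way, the first function queries the display DPI (LOGPIXELSY), creates a font, assigns it to a control with WM_SETFONT and repositions the control: ordinary GUI-toolkit code, consistent with the AutoIt runtime the Signatures section names, and not a finding on its own. The MultiByteToWideChar routine converts with MB_ERR_INVALID_CHARS set on the sizing pass, which is the CRT's conversion helper rather than sample-specific logic. The value of decoding the constants is precisely that it lets an analyst skip such runtime functions and spend time on the ones that carry the behaviour flagged in the Signatures section.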
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
• String ID:
• API String ID: 2829977744-0
• Opcode ID: 159d5d204a10a9f356aa3dab40ac3aec41f2541fd72dc03c983f748afb730d55
• Instruction ID: b199c00b42a03b86f23d27b9ced089efc2995b5deb6b69aefa2a6979104e4a28
• Opcode Fuzzy Hash: 159d5d204a10a9f356aa3dab40ac3aec41f2541fd72dc03c983f748afb730d55
• Instruction Fuzzy Hash: C191C772E00226BEDF24CE74E841AEE7BB5EFA9310F184669E905E7141D735DD90CBA0
APIs
Strings
Similarity
• API ID: Variant$ClearInit
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 2610073882-625585964
• Opcode ID: c3d84f4cc7ce88c2e95a14d4a71a64335267481ff296f66bbe6169367318aa67
• Instruction ID: 4b38eaa1bc99392f838c6285e886f213cfcb2952ee28421715b744f2b05c22f1
• Opcode Fuzzy Hash: c3d84f4cc7ce88c2e95a14d4a71a64335267481ff296f66bbe6169367318aa67
• Instruction Fuzzy Hash: 16918B71A00219AFDF24CFA5CC88FAEBBB8EF46710F108559F516AB281D7709955CFA0
APIs
• SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0015125C
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00151284
• SafeArrayUnaccessData.OLEAUT32(00000001), ref: 001512A8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 001512D8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0015135F
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 001513C4
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00151430
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• String ID:
• API String ID: 2550207440-0
• Opcode ID: b611ea934d03baea26667d4283229106b7ba3057e16da2ea6287dea1b9ab1db9
• Instruction ID: f1c24d7631f9d2fe7d4787d9a1f61778101e1cc1d9214a886880ba1171e00526
• Opcode Fuzzy Hash: b611ea934d03baea26667d4283229106b7ba3057e16da2ea6287dea1b9ab1db9
• Instruction Fuzzy Hash: A891D372A00209EFDB02DFA4C885BFE77B5FF45316F214029E921EB291D774A949CB90
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: 44c89ddb61bad418198ec42ef815aeb0ebedd16228a94b3b3b32a1e9c2b48c20
• Instruction ID: aaac1d388c5971a5bdd4b5ae8c1e5b677fbc3590fbb84e2e26c91b0a94977f25
• Opcode Fuzzy Hash: 44c89ddb61bad418198ec42ef815aeb0ebedd16228a94b3b3b32a1e9c2b48c20
• Instruction Fuzzy Hash: 61913771D00219EFCB15CFA9CC84AEEBBB8FF49720F148159E615B7291D374A981DBA0
APIs
• VariantInit.OLEAUT32(?), ref: 0016396B
• CharUpperBuffW.USER32(?,?), ref: 00163A7A
• _wcslen.LIBCMT ref: 00163A8A
• VariantClear.OLEAUT32(?), ref: 00163C1F
  • Part of subcall function 00150CDF: VariantInit.OLEAUT32(00000000), ref: 00150D1F
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00150CDF: VariantCopy.OLEAUT32(?,?), ref: 00150D28
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00150CDF: VariantClear.OLEAUT32(?), ref: 00150D34
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5c773062198c85dda7c686666656106e0b6e30ee4ba257d110f1f8e2db06de60
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9096d1ba58ffd78483ecf1ff3138c00b38ac8da9649a2b262709279b18bba25c
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5c773062198c85dda7c686666656106e0b6e30ee4ba257d110f1f8e2db06de60
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 219188756083459FC704EF24C88096AB7E5FF89314F14882EF89A9B352DB30EE45CB82
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0013FF41,80070057,?,?,?,0014035E), ref: 0014002B
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0013FF41,80070057,?,?), ref: 00140046
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0013FF41,80070057,?,?), ref: 00140054
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0013FF41,80070057,?), ref: 00140064
                                                                                                                                                                                                                                                                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00164C51
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00164D59
                                                                                                                                                                                                                                                                                                                                                                              • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00164DCF
                                                                                                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(?), ref: 00164DDA
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                              • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 82670041991cbbdc99935eb90f1400379f39f6d68ecf518a48bc07a6ecac9358
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 79d5cf7f55a6b5db1f0e43a4eee26d5ef06ced608d8c88d2e8839bf310caa1e0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 82670041991cbbdc99935eb90f1400379f39f6d68ecf518a48bc07a6ecac9358
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56912671D00219AFDF14DFA4DC91AEEB7B9BF08310F108169E919B7251EB35AA54CFA0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetMenu.USER32(?), ref: 00172183
                                                                                                                                                                                                                                                                                                                                                                              • GetMenuItemCount.USER32(00000000), ref: 001721B5
                                                                                                                                                                                                                                                                                                                                                                              • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 001721DD
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00172213
                                                                                                                                                                                                                                                                                                                                                                              • GetMenuItemID.USER32(?,?), ref: 0017224D
                                                                                                                                                                                                                                                                                                                                                                              • GetSubMenu.USER32(?,?), ref: 0017225B
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00143A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00143A57
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00143A3D: GetCurrentThreadId.KERNEL32 ref: 00143A5E
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00143A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,001425B3), ref: 00143A65
                                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 001722E3
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014E97B: Sleep.KERNEL32 ref: 0014E9F3
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
• String ID:
• API String ID: 4196846111-0
• Opcode ID: a58d67065609385519648092ce2a4a9266091ed329197a0222398d874ac45b7e
• Instruction ID: e3fd83757621178bf7768b91f2d4b9cc928ffab48d55e2917b491240eb4b2a44
• Opcode Fuzzy Hash: a58d67065609385519648092ce2a4a9266091ed329197a0222398d874ac45b7e
• Instruction Fuzzy Hash: A9719F75A00205AFCB14DF65C885AAEB7F1FF48310F158469E95AEB352DB34EE428B90
APIs
• IsWindow.USER32(0113C918), ref: 00177F37
• IsWindowEnabled.USER32(0113C918), ref: 00177F43
• SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0017801E
• SendMessageW.USER32(0113C918,000000B0,?,?), ref: 00178051
• IsDlgButtonChecked.USER32(?,?), ref: 00178089
• GetWindowLongW.USER32(0113C918,000000EC), ref: 001780AB
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 001780C3
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSendWindow$ButtonCheckedEnabledLong
• String ID:
• API String ID: 4072528602-0
• Opcode ID: 9635ca582e376c291018d6918b8a0d353167ddebe7d555f2815318b25cc81dd8
• Instruction ID: 321d59b353b08cd34ea5513158f35f1f2948f4c12207589087a4962a6ef9432b
• Opcode Fuzzy Hash: 9635ca582e376c291018d6918b8a0d353167ddebe7d555f2815318b25cc81dd8
• Instruction Fuzzy Hash: 3971AE34608244AFEB259F64C994FFABBB5EF19300F148459F96D972A1CB31AC85CB60
APIs
• GetParent.USER32(?), ref: 0014AEF9
• GetKeyboardState.USER32(?), ref: 0014AF0E
• SetKeyboardState.USER32(?), ref: 0014AF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 0014AF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 0014AFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 0014AFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 0014B020
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: ed2de9021bc42150a9e93a43244bb2ec8225f299ad95a9f37495cfa524350388
• Instruction ID: f8c3ae630022af0bba34378dd838ad1d5d199ba95ef4669809728fcb22915f92
• Opcode Fuzzy Hash: ed2de9021bc42150a9e93a43244bb2ec8225f299ad95a9f37495cfa524350388
• Instruction Fuzzy Hash: 0451C1A06487D53DFB3683348885BBBBEA95F06304F098589F1E9568E2C3D8EDC8D751
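The API listings above print window messages and key codes as raw hex (PostMessageW with 00000101 and 00000010, SendMessageW with 000000A1 and 00000002), which is hard to read at a glance. The following decoder is an added example, not part of the Joe Sandbox report or of the sample: it parses lines in the report's "api.MODULE(args), ref: addr" form and names the Win32 constants they use. The constants come from winuser.h (WM_KEYDOWN 0x100, WM_KEYUP 0x101, WM_NCLBUTTONDOWN 0xA1, EM_GETSEL 0xB0, HTCAPTION 2, VK_SHIFT/VK_CONTROL/VK_MENU/VK_LWIN); the sample input is copied from the two listings above, and every function and table name is the example's own.

```python
import re
from typing import Optional

# Win32 constants from winuser.h; the tables cover only what the listings above use.
WM_NAMES = {0x0100: "WM_KEYDOWN", 0x0101: "WM_KEYUP",
            0x00A1: "WM_NCLBUTTONDOWN", 0x00B0: "EM_GETSEL"}
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN"}
HT_NAMES = {0x02: "HTCAPTION"}          # wParam hit-test code carried by WM_NC* messages
WM_USER = 0x0400

# Shape of a Joe Sandbox IDA-plugin API line: "<api>.<module>(<args>), ref: <addr>"
LINE_RE = re.compile(
    r"(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")

# Sample input copied from the two API listings above (functions at 00177F37 and 0014AEF9).
FUNC_177F37 = [
    "• IsWindow.USER32(0113C918), ref: 00177F37",
    "• IsWindowEnabled.USER32(0113C918), ref: 00177F43",
    "• SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 0017801E",
    "• SendMessageW.USER32(0113C918,000000B0,?,?), ref: 00178051",
    "• IsDlgButtonChecked.USER32(?,?), ref: 00178089",
    "• GetWindowLongW.USER32(0113C918,000000EC), ref: 001780AB",
    "• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 001780C3",
]
FUNC_14AEF9 = [
    "• GetParent.USER32(?), ref: 0014AEF9",
    "• GetKeyboardState.USER32(?), ref: 0014AF0E",
    "• SetKeyboardState.USER32(?), ref: 0014AF6F",
    "• PostMessageW.USER32(?,00000101,00000010,?), ref: 0014AF9D",
    "• PostMessageW.USER32(?,00000101,00000011,?), ref: 0014AFBC",
    "• PostMessageW.USER32(?,00000101,00000012,?), ref: 0014AFFD",
    "• PostMessageW.USER32(?,00000101,0000005B,?), ref: 0014B020",
]


def parse_api_line(line: str) -> Optional[dict]:
    """Split one API line into api, module, raw argument strings and call site."""
    m = LINE_RE.search(line)
    if not m:
        return None
    raw = m["args"].strip()
    args = [a.strip() for a in raw.split(",")] if raw else []
    return {"api": m["api"], "module": m["module"], "args": args, "ref": int(m["ref"], 16)}


def _hex(arg: str) -> Optional[int]:
    """'?' marks an argument the sandbox could not resolve statically."""
    try:
        return int(arg, 16)
    except ValueError:
        return None


def message_name(msg: int) -> str:
    if msg in WM_NAMES:
        return WM_NAMES[msg]
    if WM_USER <= msg < 0x8000:          # control-private range: meaning depends on the window class
        return f"WM_USER+{msg - WM_USER}"
    return f"0x{msg:04X}"


def describe(entry: dict) -> str:
    """Render one parsed call with message, key and hit-test constants decoded."""
    api, args, ref = entry["api"], entry["args"], entry["ref"]
    if api in ("PostMessageW", "SendMessageW") and len(args) == 4:
        msg, wparam = _hex(args[1]), _hex(args[2])
        name = message_name(msg) if msg is not None else args[1]
        if msg in (0x0100, 0x0101) and wparam in VK_NAMES:
            detail = VK_NAMES[wparam]
        elif msg == 0x00A1 and wparam in HT_NAMES:
            detail = HT_NAMES[wparam]
        else:
            detail = args[2]
        return f"{api}(hwnd={args[0]}, {name}, {detail}) @ {ref:08X}"
    return f"{api}({', '.join(args)}) @ {ref:08X}"


def annotate_listing(lines):
    return [describe(e) for e in map(parse_api_line, lines) if e]


def key_events(lines):
    """Sequence of (message, key) pairs a function posts, in call order."""
    out = []
    for e in filter(None, map(parse_api_line, lines)):
        if e["api"] in ("PostMessageW", "SendMessageW") and len(e["args"]) == 4:
            msg, vk = _hex(e["args"][1]), _hex(e["args"][2])
            if msg in (0x0100, 0x0101):
                out.append((WM_NAMES[msg], VK_NAMES.get(vk, e["args"][2])))
    return out


if __name__ == "__main__":
    for text in annotate_listing(FUNC_177F37) + annotate_listing(FUNC_14AEF9):
        print(text)
    print(key_events(FUNC_14AEF9))
```

Decoded, the function at 0014AEF9 reads GetKeyboardState, SetKeyboardState, then WM_KEYUP for VK_SHIFT, VK_CONTROL, VK_MENU and VK_LWIN in that order: it releases all four modifier keys by posting messages straight to a window rather than through the input queue, which is what a ControlSend-style synthetic-input routine does before typing. In a binary the report flags as a compiled AutoIt script that is the interpreter's own input code, so it is context for the "pressed keystrokes" signature rather than independent evidence of keylogging. The function at 00177F37 ends with SendMessageW(WM_NCLBUTTONDOWN, HTCAPTION), the usual trick for letting a client-area click drag a window by its caption. The decoder deliberately leaves 0000041C as WM_USER+28 and 000000EC undecoded: a WM_USER-range message only has a meaning relative to the class of the target window, and the sandbox prints arguments as 32-bit values, so neither should be guessed from the listing alone.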
APIs
• GetParent.USER32(00000000), ref: 0014AD19
• GetKeyboardState.USER32(?), ref: 0014AD2E
• SetKeyboardState.USER32(?), ref: 0014AD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0014ADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0014ADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0014AE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0014AE38
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: fc3d9de72c03293eebe5817ee546aaf9b77a8cec602b776ee847b03f5358b3dd
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b731999cb064603cc87b408a0018e4ec8910989893d2075063a7a22ee6b9fb2e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fc3d9de72c03293eebe5817ee546aaf9b77a8cec602b776ee847b03f5358b3dd
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 755107A09887D13DFB3783748C95BBA7EA85F45300F498488E1E9568E3C394EC84D752
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetConsoleCP.KERNEL32(00123CD6,?,?,?,?,?,?,?,?,00115BA3,?,?,00123CD6,?,?), ref: 00115470
                                                                                                                                                                                                                                                                                                                                                                              • __fassign.LIBCMT ref: 001154EB
                                                                                                                                                                                                                                                                                                                                                                              • __fassign.LIBCMT ref: 00115506
                                                                                                                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00123CD6,00000005,00000000,00000000), ref: 0011552C
                                                                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,00123CD6,00000000,00115BA3,00000000,?,?,?,?,?,?,?,?,?,00115BA3,?), ref: 0011554B
                                                                                                                                                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000001,00115BA3,00000000,?,?,?,?,?,?,?,?,?,00115BA3,?), ref: 00115584
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6f25feb3d7bffaffb37c67f6c29285436a6a41c4cd08911600b12d016682addd
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d07bbd562614cd8dd39d7ed8705e416276ede42eb11109a573a910b0587d23fa
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f25feb3d7bffaffb37c67f6c29285436a6a41c4cd08911600b12d016682addd
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F51C571A00649DFDB15CFA8D845AEEBBFAEF49300F14412EF555E7291E7309A81CB60
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00102D4B
                                                                                                                                                                                                                                                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00102D53
                                                                                                                                                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00102DE1
                                                                                                                                                                                                                                                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00102E0C
                                                                                                                                                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00102E61
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d1e56e44583ea5e181c94cdd3443ed4e2f90361b3a33a95b47d407a73acca679
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0202120cd5102d82793fcd2019e4b9a434a47dea3040c52e7e83c5f4356a9a10
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d1e56e44583ea5e181c94cdd3443ed4e2f90361b3a33a95b47d407a73acca679
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F641A334A00209ABCF14DFA8C849A9EBBB5BF45324F148195E8546B3D2D7B1AE45CBD0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0016304E: inet_addr.WSOCK32(?), ref: 0016307A
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0016304E: _wcslen.LIBCMT ref: 0016309B
                                                                                                                                                                                                                                                                                                                                                                              • socket.WSOCK32(00000002,00000001,00000006), ref: 00161112
                                                                                                                                                                                                                                                                                                                                                                              • WSAGetLastError.WSOCK32 ref: 00161121
                                                                                                                                                                                                                                                                                                                                                                              • WSAGetLastError.WSOCK32 ref: 001611C9
                                                                                                                                                                                                                                                                                                                                                                              • closesocket.WSOCK32(00000000), ref: 001611F9
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
• String ID:
• API String ID: 2675159561-0
• Opcode ID: 2e1d068e92eb20b805e47018931c39ca313ba3ebf7960ffdcd5440118365f10d
• Instruction ID: be3851434c4586ee2c58ec930d96dd284e121f36b61c9fa0cd06b6cc679db560
• Opcode Fuzzy Hash: 2e1d068e92eb20b805e47018931c39ca313ba3ebf7960ffdcd5440118365f10d
• Instruction Fuzzy Hash: 4641D431600604AFDB109F24CC85BAAB7F9EF46324F188059FD19AB292C774AD81CBE1
APIs
  • Part of subcall function 0014DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0014CF22,?), ref: 0014DDFD
  • Part of subcall function 0014DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0014CF22,?), ref: 0014DE16
• lstrcmpiW.KERNEL32(?,?), ref: 0014CF45
• MoveFileW.KERNEL32(?,?), ref: 0014CF7F
• _wcslen.LIBCMT ref: 0014D005
• _wcslen.LIBCMT ref: 0014D01B
• SHFileOperationW.SHELL32(?), ref: 0014D061
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \*.*
• API String ID: 3164238972-1173974218
• Opcode ID: 55bf71dde3ee9946c933ea75aca0cd411604215529d1c86635744e695469bc6c
• Instruction ID: ef83a6e9699e510cce2270772cd7af9aaa25be398c36fda4f72d62f577737125
• Opcode Fuzzy Hash: 55bf71dde3ee9946c933ea75aca0cd411604215529d1c86635744e695469bc6c
• Instruction Fuzzy Hash: 4B4169719452189FDF12EFA4D981ADE77F9AF18340F1000E6E549E7152EB35A688CB50
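Every function block in this section has the same fixed layout: an APIs list whose entries carry a module, an argument list and a `ref:` call-site address (callee APIs are marked "Part of subcall function"), followed by key/value lines under Memory Dump Source, Joe Sandbox IDA Plugin and Similarity. When a report runs to thousands of these blocks, the practical way to use them is to parse them and query by API or by Opcode ID rather than scroll. The following Python parser is an added example, not part of the Joe Sandbox report or the Joe Sandbox tooling; the sample text is constructed from two of the blocks above (the MoveFileW/SHFileOperationW block and the SendMessageW/GetWindowLongW block, trimmed), and the `parse_blocks`, `api_overlap` and `blocks_calling` names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed input: two function blocks in the Joe Sandbox IDA Plugin layout
# used on this page (values copied from the report, trimmed to a few lines each).
SAMPLE = r"""
APIs
  • Part of subcall function 0014DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0014CF22,?), ref: 0014DDFD
• lstrcmpiW.KERNEL32(?,?), ref: 0014CF45
• MoveFileW.KERNEL32(?,?), ref: 0014CF7F
• _wcslen.LIBCMT ref: 0014D005
• SHFileOperationW.SHELL32(?), ref: 0014D061
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \*.*
• API String ID: 3164238972-1173974218
• Opcode ID: 55bf71dde3ee9946c933ea75aca0cd411604215529d1c86635744e695469bc6c
• Instruction Fuzzy Hash: 4B4169719452189FDF12EFA4D981ADE77F9AF18340F1000E6E549E7152EB35A688CB50
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00172E1C
• GetWindowLongW.USER32(?,000000F0), ref: 00172E4F
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00172F0B
Similarity
• API ID: LongWindow$MessageSend
• Opcode ID: b7ed7f20a780e68d98981d704ff77d734f542deb966c2020da14782101a03d43
"""

# One "Name.MODULE(args), ref: ADDR" entry, optionally prefixed with the
# "Part of subcall function ADDR:" marker the plugin uses for callee APIs.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$"
)


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]
    ref: int                          # call-site address from "ref:"
    subcall_of: Optional[int] = None  # set when the call sits inside a callee


@dataclass
class FunctionBlock:
    calls: list[ApiCall] = field(default_factory=list)
    fields: dict[str, str] = field(default_factory=dict)  # "Opcode ID", "API ID", ...

    def api_names(self, include_subcalls: bool = False) -> set[str]:
        return {c.name for c in self.calls if include_subcalls or c.subcall_of is None}


def parse_blocks(text: str) -> list[FunctionBlock]:
    """Split report text into per-function blocks; each block starts at an 'APIs' line."""
    blocks: list[FunctionBlock] = []
    current: Optional[FunctionBlock] = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()  # drop indentation and the bullet
        if not line:
            continue
        if line == "APIs":
            current = FunctionBlock()
            blocks.append(current)
            continue
        if current is None:
            continue
        m = API_RE.match(line)
        if m:
            args = [a for a in (m.group("args") or "").split(",") if a]
            sub = m.group("sub")
            current.calls.append(ApiCall(m.group("name"), m.group("mod"), args,
                                         int(m.group("ref"), 16),
                                         int(sub, 16) if sub else None))
            continue
        key, sep, value = line.partition(":")  # "Key: value" lines; bare headers have no ':'
        if sep:
            current.fields[key.strip()] = value.strip()
    return blocks


def api_overlap(a: FunctionBlock, b: FunctionBlock) -> float:
    """Jaccard similarity of the direct API sets of two blocks (0.0 .. 1.0)."""
    x, y = a.api_names(), b.api_names()
    return len(x & y) / len(x | y) if (x or y) else 0.0


def blocks_calling(blocks: list[FunctionBlock], api: str) -> list[FunctionBlock]:
    """Blocks whose call list (subcalls included) mentions the given API name."""
    return [b for b in blocks if api in b.api_names(include_subcalls=True)]


if __name__ == "__main__":
    for b in parse_blocks(SAMPLE):
        print(b.fields.get("Opcode ID", "?")[:16], sorted(b.api_names(include_subcalls=True)))
```

Run it over the full report text instead of `SAMPLE` and `blocks_calling(blocks, "MoveFileW")` returns the file-moving function with its Opcode ID and Instruction Fuzzy Hash attached, which are the fields to carry over when checking whether another report contains the same function. Subcall entries are kept separate from direct calls on purpose: the Similarity fields describe the function itself, so `api_overlap` compares direct calls only.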
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00172E1C
• GetWindowLongW.USER32(?,000000F0), ref: 00172E4F
• GetWindowLongW.USER32(?,000000F0), ref: 00172E84
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00172EB6
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00172EE0
• GetWindowLongW.USER32(?,000000F0), ref: 00172EF1
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00172F0B
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
• Opcode ID: b7ed7f20a780e68d98981d704ff77d734f542deb966c2020da14782101a03d43
• Instruction ID: 65a844dc3e66e08e54aee48de2ea28087190a440e6468baf2f76201b1ccca58f
• Opcode Fuzzy Hash: b7ed7f20a780e68d98981d704ff77d734f542deb966c2020da14782101a03d43
• Instruction Fuzzy Hash: 8E310430604250AFEB21CF58DC94FA537F1FB9A714F1541A8F9489F6B2CB71A881DB81
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00147769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0014778F
• SysAllocString.OLEAUT32(00000000), ref: 00147792
• SysAllocString.OLEAUT32(?), ref: 001477B0
• SysFreeString.OLEAUT32(?), ref: 001477B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 001477DE
• SysAllocString.OLEAUT32(?), ref: 001477EC
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: 13c3e3bbbba67f4e3971e2abafbb33fc6ef33459b73647698d5947b76ceb1875
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: ae750584fb4d1b6fad8a4587bef167eb9e602735d39e7f678029b218b3e108d3
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 13c3e3bbbba67f4e3971e2abafbb33fc6ef33459b73647698d5947b76ceb1875
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FE21A176604219AFDF10EFA8CC88CBB77ACEF097657448429FA19DB1A1D770DC8587A0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00147842
                                                                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00147868
                                                                                                                                                                                                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 0014786B
                                                                                                                                                                                                                                                                                                                                                                              • SysAllocString.OLEAUT32 ref: 0014788C
                                                                                                                                                                                                                                                                                                                                                                              • SysFreeString.OLEAUT32 ref: 00147895
                                                                                                                                                                                                                                                                                                                                                                              • StringFromGUID2.OLE32(?,?,00000028), ref: 001478AF
                                                                                                                                                                                                                                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 001478BD
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: 85844e8752623ff7df3d11b190f9ebbe5c13f4b01406d035657d5e24d706cf09
• Instruction ID: 7c5dbfadf5d045371f948ab2aec99311e124b6ba7de6137c85394163a32020e3
• Opcode Fuzzy Hash: 85844e8752623ff7df3d11b190f9ebbe5c13f4b01406d035657d5e24d706cf09
• Instruction Fuzzy Hash: 8A214175608205AFDB109FA8DC8CDBA77ECEB097607108125F915DB2B1DB74DC81CB64
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 001504F2
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0015052E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: db6427c3893561fb26a2c8c5f4e3ffb552064391d499743476256ddcd87904ee
• Instruction ID: fba44fb72c111e6333faf6d96ceb1c2aa10da669db014a07a6b8c18942f1cefd
• Opcode Fuzzy Hash: db6427c3893561fb26a2c8c5f4e3ffb552064391d499743476256ddcd87904ee
• Instruction Fuzzy Hash: 97217E75510305EFDB219FA9D804A9A77B4BF49725F204A19FCB1EA2E0E7709988CF60
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 001505C6
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00150601
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                                              • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1424370930-2873401336
APIs
  • Part of subcall function 000E600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 000E604C
  • Part of subcall function 000E600E: GetStockObject.GDI32(00000011), ref: 000E6060
  • Part of subcall function 000E600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 000E606A
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00174112
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0017411F
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0017412A
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00174139
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00174145
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
APIs
  • Part of subcall function 0011D7A3: _free.LIBCMT ref: 0011D7CC
• _free.LIBCMT ref: 0011D82D
  • Part of subcall function 001129C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0011D7D1,00000000,00000000,00000000,00000000,?,0011D7F8,00000000,00000007,00000000,?,0011DBF5,00000000), ref: 001129DE
  • Part of subcall function 001129C8: GetLastError.KERNEL32(00000000,?,0011D7D1,00000000,00000000,00000000,00000000,?,0011D7F8,00000000,00000007,00000000,?,0011DBF5,00000000,00000000), ref: 001129F0
• _free.LIBCMT ref: 0011D838
• _free.LIBCMT ref: 0011D843
• _free.LIBCMT ref: 0011D897
• _free.LIBCMT ref: 0011D8A2
• _free.LIBCMT ref: 0011D8AD
• _free.LIBCMT ref: 0011D8B8
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0014DA74
• LoadStringW.USER32(00000000), ref: 0014DA7B
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0014DA91
• LoadStringW.USER32(00000000), ref: 0014DA98
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 0014DADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 0014DAB9
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 023f29ca2ae47fe30fab828d780ce3ac0318919a421d3e5ab80e0f0073ddcf32
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 1f8584da2355b6fdaee0e4e460e5e6a6faacd1578b5f03eb65f85f7e09443c17
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 023f29ca2ae47fe30fab828d780ce3ac0318919a421d3e5ab80e0f0073ddcf32
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 000162F6500208BFEB11ABA0DD89EE7367CE708701F4044A9B70AE2441EA749EC48FB5
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(01133810,01133810), ref: 0015097B
                                                                                                                                                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(011337F0,00000000), ref: 0015098D
                                                                                                                                                                                                                                                                                                                                                                              • TerminateThread.KERNEL32(?,000001F6), ref: 0015099B
                                                                                                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000003E8), ref: 001509A9
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 001509B8
                                                                                                                                                                                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(01133810,000001F6), ref: 001509C8
                                                                                                                                                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(011337F0), ref: 001509CF
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4df7fbe38618896a52fb2e99bf3e35d6ae06502317ee052706989757f288d56d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: ef1c156b9f9bb3eb0a210cad418db7c1d92f92aeb59d6d1125cc506f94c13eef
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4df7fbe38618896a52fb2e99bf3e35d6ae06502317ee052706989757f288d56d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 03F01932442A02EBD7425BA4EE88AD6BB39BF05702F402029F206A4CA5CB7494E5CFD0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • __WSAFDIsSet.WSOCK32(00000000,?), ref: 00161DC0
                                                                                                                                                                                                                                                                                                                                                                              • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00161DE1
                                                                                                                                                                                                                                                                                                                                                                              • WSAGetLastError.WSOCK32 ref: 00161DF2
                                                                                                                                                                                                                                                                                                                                                                              • htons.WSOCK32(?), ref: 00161EDB
                                                                                                                                                                                                                                                                                                                                                                              • inet_ntoa.WSOCK32(?), ref: 00161E8C
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 001439E8: _strlen.LIBCMT ref: 001439F2
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00163224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0015EC0C), ref: 00163240
                                                                                                                                                                                                                                                                                                                                                                              • _strlen.LIBCMT ref: 00161F35
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ef11909f0eab7c4b363326c00629364cf70fd61053a0035b01210428c64a5aeb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f34eec5877235f4dab5edeaea40cf0b6980655e0eff55e7c7ca3ba39590bc8ac
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ef11909f0eab7c4b363326c00629364cf70fd61053a0035b01210428c64a5aeb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0BB1D031604340AFC324DF24CC85E6A7BA5AF84318F98898CF55A5B2E3CB71ED46CB91
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 000E5D30
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 000E5D71
                                                                                                                                                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 000E5D99
                                                                                                                                                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 000E5ED7
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 000E5EF8
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Rect$Client$Window$Screen
• String ID:
• API String ID: 1296646539-0
• Opcode ID: 02698aff017e7db59077c117157ae87c716c836c6813896fe8a021f7583ba09a
• Instruction ID: 4e10bf797aacedd67847456a95b05cda5fb7a9b8fae88ce3d0ee0f0f3336aecf
• Opcode Fuzzy Hash: 02698aff017e7db59077c117157ae87c716c836c6813896fe8a021f7583ba09a
• Instruction Fuzzy Hash: F7B16C34A1068ADFDB24CFA9C8407EEB7F1FF58315F14881AE8A9E7250D730AA51DB50
APIs
• __allrem.LIBCMT ref: 001100BA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 001100D6
• __allrem.LIBCMT ref: 001100ED
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0011010B
• __allrem.LIBCMT ref: 00110122
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00110140
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
• String ID:
• API String ID: 1992179935-0
• Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
• Instruction ID: 9f1489a132a2f707b77a015a4e15af76512705f92402f8d3b36fa10c78c3e4e6
• Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
• Instruction Fuzzy Hash: AF812872A00706ABE7299F28CC82BAB73E8AF69364F25413DF451D66C1E7F4D9C18750
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,001082D9,001082D9,?,?,?,0011644F,00000001,00000001,8BE85006), ref: 00116258
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0011644F,00000001,00000001,8BE85006,?,?,?), ref: 001162DE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 001163D8
• __freea.LIBCMT ref: 001163E5
  • Part of subcall function 00113820: RtlAllocateHeap.NTDLL(00000000,?,001B1444,?,000FFDF5,?,?,000EA976,00000010,001B1440,000E13FC,?,000E13C6,?,000E1129), ref: 00113852
• __freea.LIBCMT ref: 001163EE
• __freea.LIBCMT ref: 00116413
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
• Opcode ID: a9b7404c5c98278c8607e47b98f9dd2b256cb370179f63d2ab5f4cd1acb5e0c5
• Instruction ID: fdbc2e387ed97735dc14ea1ad3b768aea5c925f283a7a198d7511772c3a1d18f
• Opcode Fuzzy Hash: a9b7404c5c98278c8607e47b98f9dd2b256cb370179f63d2ab5f4cd1acb5e0c5
• Instruction Fuzzy Hash: FB51E172A10226ABDB2D8F64CC81EEF77AAEB54710F154239FC19D6140EB36DCC0D6A0
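The per-function "APIs" listings in this report record each resolved call as a bullet with the API name, module, static argument view and the address of the call site, and nested "Part of subcall function" bullets for calls reached through a callee. Grepping those bullets by hand does not scale across a report of this size, so the following Python is an added example (not Joe Sandbox code) that parses this listing format and runs a small set of triage patterns over it. The two listings embedded as input are copied from this page (the MultiByteToWideChar/__freea function above and the RegConnectRegistryW/RegEnumValueW function further down); the pattern table, the A/W suffix normalisation and all helper names are the example's own assumptions, not anything the report defines.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed input: two "APIs" listings copied from this report page, with
# the "APIs" / "Memory Dump Source" headers that delimit a listing.
REPORT_EXCERPT = """\
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,001082D9,001082D9,?,?,?,0011644F,00000001,00000001,8BE85006), ref: 00116258
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0011644F,00000001,00000001,8BE85006,?,?,?), ref: 001162DE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 001163D8
• __freea.LIBCMT ref: 001163E5
  • Part of subcall function 00113820: RtlAllocateHeap.NTDLL(00000000,?,001B1444,?,000FFDF5,?,?,000EA976,00000010,001B1440,000E13FC,?,000E13C6,?,000E1129), ref: 00113852
• __freea.LIBCMT ref: 001163EE
• __freea.LIBCMT ref: 00116413
Memory Dump Source
APIs
  • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
  • Part of subcall function 0016C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0016B6AE,?,?), ref: 0016C9B5
  • Part of subcall function 0016C998: _wcslen.LIBCMT ref: 0016C9F1
  • Part of subcall function 0016C998: _wcslen.LIBCMT ref: 0016CA68
  • Part of subcall function 0016C998: _wcslen.LIBCMT ref: 0016CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0016BCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0016BD25
• RegCloseKey.ADVAPI32(00000000), ref: 0016BD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0016BD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 0016BDF3
• RegCloseKey.ADVAPI32(?), ref: 0016BDFF
Memory Dump Source
"""

# One bullet of a listing. Subcall bullets carry the callee's start address,
# the API name may contain mangling characters ($, ?, @) but never '.', '('
# or whitespace, and the argument list is optional (CRT helpers have none).
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function\s+(?P<subfn>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[^.(\s]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass(frozen=True)
class ApiCall:
    name: str
    module: str
    args: tuple            # static argument view as printed, '?' = unknown
    ref: int               # address of the call site
    subcall_of: Optional[int]  # callee start address for nested bullets, else None


def parse_api_listings(text: str) -> list:
    """Split the report text into one list of ApiCall per 'APIs' listing."""
    blocks, current = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "APIs":
            current = []
            blocks.append(current)
        elif stripped == "Memory Dump Source":
            current = None
        elif current is not None:
            m = API_LINE.match(line)
            if m:
                args = tuple(m["args"].split(",")) if m["args"] else ()
                current.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16),
                                       int(m["subfn"], 16) if m["subfn"] else None))
    return blocks


def base_name(name: str) -> str:
    """Drop a trailing ANSI/Unicode marker (RegOpenKeyExW -> RegOpenKeyEx); assumption:
    only an uppercase A/W after a lowercase letter is such a marker."""
    if len(name) > 1 and name[-1] in "AW" and name[-2].islower():
        return name[:-1]
    return name


def call_counts(block: list) -> Counter:
    """How often each API (direct or via subcall) appears in one function."""
    return Counter(base_name(c.name) for c in block)


# Illustrative triage patterns (this example's own, not the report's): a label
# fires when every listed API is called directly by the function.
TRIAGE_PATTERNS = {
    "registry-enumeration": {"RegOpenKeyEx", "RegEnumValue"},
    "remote-registry": {"RegConnectRegistry"},
    "codepage-conversion": {"MultiByteToWideChar", "WideCharToMultiByte"},
}


def triage(block: list) -> list:
    direct = {base_name(c.name) for c in block if c.subcall_of is None}
    return sorted(label for label, needed in TRIAGE_PATTERNS.items() if needed <= direct)


def direct_ref_range(block: list):
    """Lowest and highest direct call-site address, a cheap bound on the function body."""
    refs = [c.ref for c in block if c.subcall_of is None]
    return (min(refs), max(refs)) if refs else None


if __name__ == "__main__":
    for i, block in enumerate(parse_api_listings(REPORT_EXCERPT)):
        lo, hi = direct_ref_range(block)
        print(f"listing {i}: calls {lo:08X}..{hi:08X} {dict(call_counts(block))} -> {triage(block)}")
```

The parser keeps subcall bullets separate from direct calls on purpose: the `RtlAllocateHeap` under the first listing belongs to function 00113820, so counting it as evidence about the function at 001162xx would mislead a pattern match, while the registry chain in the second listing is all direct and fires both registry labels.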
APIs
  • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
  • Part of subcall function 0016C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0016B6AE,?,?), ref: 0016C9B5
  • Part of subcall function 0016C998: _wcslen.LIBCMT ref: 0016C9F1
  • Part of subcall function 0016C998: _wcslen.LIBCMT ref: 0016CA68
  • Part of subcall function 0016C998: _wcslen.LIBCMT ref: 0016CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0016BCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0016BD25
• RegCloseKey.ADVAPI32(00000000), ref: 0016BD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0016BD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 0016BDF3
• RegCloseKey.ADVAPI32(?), ref: 0016BDFF
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d33a6dd7e4e62b757644bdcac1c3a85b4f405a4a474da39a8d702a48c6092701
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: fe692c86f66abce1a209f60cb597c4638d19aee4f0c57caf47ff9609f5fbd585
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d33a6dd7e4e62b757644bdcac1c3a85b4f405a4a474da39a8d702a48c6092701
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE818C31208241AFD714DF64C8C5E6ABBE5FF84308F14895CF5598B2A2DB32ED95CB92
APIs
• VariantInit.OLEAUT32(00000035), ref: 0013F7B9
• SysAllocString.OLEAUT32(00000001), ref: 0013F860
• VariantCopy.OLEAUT32(0013FA64,00000000), ref: 0013F889
• VariantClear.OLEAUT32(0013FA64), ref: 0013F8AD
• VariantCopy.OLEAUT32(0013FA64,00000000), ref: 0013F8B1
• VariantClear.OLEAUT32(?), ref: 0013F8BB
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
• Opcode ID: 205ef3be6aed264c974fc24b33d3034e2dfc7aa5aaf4d9f726968ab781bf8cce
• Instruction ID: e3d841f74d63aaadc43aef8b6712935b77302412f2646dd56a6cc3ccd87e536d
• Opcode Fuzzy Hash: 205ef3be6aed264c974fc24b33d3034e2dfc7aa5aaf4d9f726968ab781bf8cce
• Instruction Fuzzy Hash: 1A51F431E00300FADF28AB65D895B79B3A8EF55314F20946EF906EF292DB708C45C796
APIs
  • Part of subcall function 000E7620: _wcslen.LIBCMT ref: 000E7625
  • Part of subcall function 000E6B57: _wcslen.LIBCMT ref: 000E6B6A
• GetOpenFileNameW.COMDLG32(00000058), ref: 001594E5
• _wcslen.LIBCMT ref: 00159506
• _wcslen.LIBCMT ref: 0015952D
• GetSaveFileNameW.COMDLG32(00000058), ref: 00159585
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
• Opcode ID: 98342e46094c2ff3b3e36d8edce05775d0e45c1f57b562e2d2c47e76188c671c
• Instruction ID: 7cbf0e03f64dd7fce42661cc846c396a14f942f309e8d6144a7c1b66118cbd59
• Opcode Fuzzy Hash: 98342e46094c2ff3b3e36d8edce05775d0e45c1f57b562e2d2c47e76188c671c
• Instruction Fuzzy Hash: DDE1A331508340DFC724DF25C881AAAB7E0FF85314F14896DF999AB2A2DB31DD45CB92
APIs
  • Part of subcall function 000F9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 000F9BB2
• BeginPaint.USER32(?,?,?), ref: 000F9241
• GetWindowRect.USER32(?,?), ref: 000F92A5
• ScreenToClient.USER32(?,?), ref: 000F92C2
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 000F92D3
• EndPaint.USER32(?,?,?,?,?), ref: 000F9321
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 001371EA
  • Part of subcall function 000F9339: BeginPath.GDI32(00000000), ref: 000F9357
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 9f5988f6bb121f2c2410960e27b74386cc9f7e65d129380d3b3873e688fbe409
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8ab90fa1329ed6f8f44baba31f6ec4417060aa608af92ede2712250951823103
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9f5988f6bb121f2c2410960e27b74386cc9f7e65d129380d3b3873e688fbe409
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C141DD71104304AFD721DF24CC94FBA7BF8EB45324F100629FAA4876E2C7319885EB61
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(?,000001F5), ref: 0015080C
                                                                                                                                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00150847
                                                                                                                                                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 00150863
                                                                                                                                                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 001508DC
                                                                                                                                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 001508F3
                                                                                                                                                                                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(?,000001F6), ref: 00150921
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3368777196-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5e7a577e4881d5a5c9606ced7ffd1a9834782e333dbe555df91c7afe8a189bb9
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9c3935a578734fa0fa42510ae9cd2f8b5e0ecdfa5add0e60d5f561f3c666ce15
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e7a577e4881d5a5c9606ced7ffd1a9834782e333dbe555df91c7afe8a189bb9
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7A415B71900205EFDF159F94DC85AAA7778FF08310F1440A9ED04AE29BDB70DEA5DBA4
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0013F3AB,00000000,?,?,00000000,?,0013682C,00000004,00000000,00000000), ref: 0017824C
                                                                                                                                                                                                                                                                                                                                                                              • EnableWindow.USER32(?,00000000), ref: 00178272
                                                                                                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(FFFFFFFF,00000000), ref: 001782D1
                                                                                                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000004), ref: 001782E5
                                                                                                                                                                                                                                                                                                                                                                              • EnableWindow.USER32(?,00000001), ref: 0017830B
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0017832F
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 642888154-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 8e80219830e84c1ed3b992b13e5897778e2aad137a3c4b42bd72deb33bd46e0b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 805de5eea654859c96e169e24cc66a03c25b6bbf7fc488790e25b417af6f2cc7
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e80219830e84c1ed3b992b13e5897778e2aad137a3c4b42bd72deb33bd46e0b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F641C530641644AFDB15CF14D89DBE47BF1FB0A715F198269E60C4B263CB31A881CB90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 00144C95
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00144CB2
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00144CEA
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00144D08
                                                                                                                                                                                                                                                                                                                                                                              • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00144D10
                                                                                                                                                                                                                                                                                                                                                                              • _wcsstr.LIBVCRUNTIME ref: 00144D1A
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
• String ID:
• API String ID: 72514467-0
• Opcode ID: 87d0e1a7fa032dda46362fa015510303bec9b2aead804a78e8360b578aed01b4
• Instruction ID: 803c7ea3dfa414c06bf0b59f7109705f04cb1f00080730166624ffb755c5b2aa
• Opcode Fuzzy Hash: 87d0e1a7fa032dda46362fa015510303bec9b2aead804a78e8360b578aed01b4
• Instruction Fuzzy Hash: 5F212672604204BBEB155B79AC89FBB7BACDF55750F10803DF909CA1A2EB61CC4092A0
APIs
  • Part of subcall function 000E3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,000E3A97,?,?,000E2E7F,?,?,?,00000000), ref: 000E3AC2
• _wcslen.LIBCMT ref: 0015587B
• CoInitialize.OLE32(00000000), ref: 00155995
• CoCreateInstance.OLE32(0017FCF8,00000000,00000001,0017FB68,?), ref: 001559AE
• CoUninitialize.OLE32 ref: 001559CC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
• String ID: .lnk
• API String ID: 3172280962-24824748
• Opcode ID: 5f1ff0526886207370548622af6bbe69073108f6f1856a5690104778f2fa9f6a
• Instruction ID: ed07d01e6cbb9da83972e384ccb8a9d8f19d9da4136206859de10615fc46c5de
• Opcode Fuzzy Hash: 5f1ff0526886207370548622af6bbe69073108f6f1856a5690104778f2fa9f6a
• Instruction Fuzzy Hash: CBD17371608701DFC704DF25C494A6ABBE2EF89315F14885DF899AB362CB31EC49CB92
APIs
  • Part of subcall function 00140FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00140FCA
  • Part of subcall function 00140FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00140FD6
  • Part of subcall function 00140FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00140FE5
  • Part of subcall function 00140FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00140FEC
  • Part of subcall function 00140FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00141002
• GetLengthSid.ADVAPI32(?,00000000,00141335), ref: 001417AE
• GetProcessHeap.KERNEL32(00000008,00000000), ref: 001417BA
• HeapAlloc.KERNEL32(00000000), ref: 001417C1
• CopySid.ADVAPI32(00000000,00000000,?), ref: 001417DA
• GetProcessHeap.KERNEL32(00000000,00000000,00141335), ref: 001417EE
• HeapFree.KERNEL32(00000000), ref: 001417F5
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
• String ID:
• API String ID: 3008561057-0
• Opcode ID: 02d629022997dc415823b51685d1e547983dc7837437c7148005470f9ee0652c
• Instruction ID: 82287c754a731f58c7369617288bfb2ea1831b1727e49efc3deecb3738e1004b
• Opcode Fuzzy Hash: 02d629022997dc415823b51685d1e547983dc7837437c7148005470f9ee0652c
• Instruction Fuzzy Hash: 5B118E32510205FFDB149FA4CC49BAE7BB9EB45366F104028F44597220D735A9C4CBA0
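The per-function API listings above are the raw evidence behind the report's "execute programs as a different user", "launch a process as a different user" and token-handling signatures, but on a compiled AutoIt binary every runtime built-in (RunAs, FileCreateShortcut, token helpers) is present whether or not the embedded script ever calls it, so the listing alone shows capability, not behaviour. A practical triage step is to parse the listings into per-function records and tag the sequences worth following up on (CreateProcessWithLogonW plus CreateEnvironmentBlock, CoCreateInstance next to a ".lnk" string, GetTokenInformation feeding CopySid). The following parser and tagger is an added example written for this report's listing format; it is not Joe Sandbox code, and the tag names and the rules behind them are the author's own choices. The sample input is transcribed from API lines that appear in this report, trimmed to keep the block short.

```python
"""Parse Joe Sandbox IDA-plugin API listings and tag capability sequences.
Added example for the report above, not Joe Sandbox code."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# One API reference line. Three shapes occur in the report:
#   • CopySid.ADVAPI32(00000000,00000000,?), ref: 001417DA
#   • _wcslen.LIBCMT ref: 0015587B                      (no argument list)
#   • Part of subcall function 00140FB4: GetLastError.KERNEL32(...), ref: 00140FD6
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[\w$@?]+)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
STRING_LINE = re.compile(r"^\s*•\s*String ID:\s*(?P<s>.*?)\s*$")


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str                      # call-site address from the listing
    subcall: Optional[str]        # callee address when listed as "Part of subcall"


@dataclass
class Record:
    apis: List[ApiCall] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)


def parse_report(text: str) -> List[Record]:
    """One Record per 'APIs' header; lines up to the next header belong to it."""
    records: List[Record] = []
    current: Optional[Record] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = Record()
            records.append(current)
            continue
        if current is None:
            continue
        m = API_LINE.match(line)
        if m:
            args = m.group("args").split(",") if m.group("args") else []
            current.apis.append(ApiCall(m.group("api"), m.group("mod").upper(),
                                        args, m.group("ref").upper(), m.group("sub")))
            continue
        m = STRING_LINE.match(line)
        if m and m.group("s"):            # empty 'String ID:' lines carry nothing
            current.strings.append(m.group("s"))
    return records


def classify(rec: Record) -> Set[str]:
    """Tag a function by API co-occurrence; subcall APIs count as the caller's."""
    names = {c.api.upper() for c in rec.apis}
    tags: Set[str] = set()
    if names & {"CREATEPROCESSWITHLOGONW", "CREATEPROCESSASUSERW"}:
        tags.add("launch-process-as-other-user")
        if "CREATEENVIRONMENTBLOCK" in names:      # target user's profile env
            tags.add("loads-target-user-profile-environment")
    if "COCREATEINSTANCE" in names and any(s.lower().endswith(".lnk") for s in rec.strings):
        tags.add("shortcut-file-handling-via-com")
    if "GETTOKENINFORMATION" in names and "COPYSID" in names:
        tags.add("copies-token-sid")
    return tags


def summarize(text: str) -> Dict[str, Set[str]]:
    """Map each function (keyed by its first direct call site) to its tags."""
    out: Dict[str, Set[str]] = {}
    for rec in parse_report(text):
        if not rec.apis:
            continue
        direct = [c for c in rec.apis if c.subcall is None]
        key = (direct or rec.apis)[0].ref
        out[key] = classify(rec)
    return out


# Sample input transcribed from this report's listings (trimmed).
SAMPLE = """\
APIs
  • Part of subcall function 000E3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?), ref: 000E3AC2
• _wcslen.LIBCMT ref: 0015587B
• CoInitialize.OLE32(00000000), ref: 00155995
• CoCreateInstance.OLE32(0017FCF8,00000000,00000001,0017FB68,?), ref: 001559AE
• CoUninitialize.OLE32 ref: 001559CC
Similarity
• String ID: .lnk
APIs
  • Part of subcall function 00140FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00140FCA
• GetLengthSid.ADVAPI32(?,00000000,00141335), ref: 001417AE
• CopySid.ADVAPI32(00000000,00000000,?), ref: 001417DA
• HeapFree.KERNEL32(00000000), ref: 001417F5
• String ID:
APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 001414FF
• OpenProcessToken.ADVAPI32(00000000), ref: 00141506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00141515
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0014154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 00141563
"""

if __name__ == "__main__":
    for ref, tags in summarize(SAMPLE).items():
        print(ref, sorted(tags))
```

The tags are a prompt for manual follow-up, not a verdict: confirming that the sample actually runs something as another user or writes a shortcut means extracting the embedded AutoIt script (or checking the report's dynamic process and file sections) rather than trusting the static call graph of the interpreter's runtime.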
APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 001414FF
• OpenProcessToken.ADVAPI32(00000000), ref: 00141506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00141515
• CloseHandle.KERNEL32(00000004), ref: 00141520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0014154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 00141563
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1413079979-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6d71d442aac232f7ca293f94bce3c2495a5cdbc7f3b10f2922f8c1f0d7af770b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: edd6e766de4a39a124a0b9ca6b9689b88c4d76ccc50ea5d23c89d1548d6e2293
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d71d442aac232f7ca293f94bce3c2495a5cdbc7f3b10f2922f8c1f0d7af770b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CB112972505209BBDF118F98DD49BDE7BB9EF49754F044019FA09A6060C3758EA0DBA0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00103379,00102FE5), ref: 00103390
                                                                                                                                                                                                                                                                                                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0010339E
                                                                                                                                                                                                                                                                                                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 001033B7
                                                                                                                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,00103379,00102FE5), ref: 00103409
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 9328bfc6a96ee4a28b79b17060efed9dca216a190af3b8ee859fb4e50d3b673a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8a1fa3ad26ad7435b6555b7d288481e53d3c29adb2f50afdb157531ceba60168
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9328bfc6a96ee4a28b79b17060efed9dca216a190af3b8ee859fb4e50d3b673a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 65012432208311BEE62927747DC56672A9CFB263793200229F6B0882F0FFA24E815284
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00115686,00123CD6,?,00000000,?,00115B6A,?,?,?,?,?,0010E6D1,?,001A8A48), ref: 00112D78
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00112DAB
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00112DD3
                                                                                                                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?,?,?,0010E6D1,?,001A8A48,00000010,000E4F4A,?,?,00000000,00123CD6), ref: 00112DE0
                                                                                                                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?,?,?,0010E6D1,?,001A8A48,00000010,000E4F4A,?,?,00000000,00123CD6), ref: 00112DEC
                                                                                                                                                                                                                                                                                                                                                                              • _abort.LIBCMT ref: 00112DF2
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 95a2a3caab2b9ec8692275c83d1471792946c33c4fbca7aaf03d9092bc76221d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 33dcbae1e23f7b4e309c64ab89d6621d922f525f63959890b9ca20b77c2dcdb5
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 95a2a3caab2b9ec8692275c83d1471792946c33c4fbca7aaf03d9092bc76221d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 70F0A9315446106BCA1E37B8FC06ADA15656BD2771B25043CF828925D5EF3488E152A0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000F9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 000F9693
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000F9639: SelectObject.GDI32(?,00000000), ref: 000F96A2
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000F9639: BeginPath.GDI32(?), ref: 000F96B9
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000F9639: SelectObject.GDI32(?,00000000), ref: 000F96E2
                                                                                                                                                                                                                                                                                                                                                                              • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00178A4E
                                                                                                                                                                                                                                                                                                                                                                              • LineTo.GDI32(?,00000003,00000000), ref: 00178A62
                                                                                                                                                                                                                                                                                                                                                                              • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00178A70
                                                                                                                                                                                                                                                                                                                                                                              • LineTo.GDI32(?,00000000,00000003), ref: 00178A80
                                                                                                                                                                                                                                                                                                                                                                              • EndPath.GDI32(?), ref: 00178A90
                                                                                                                                                                                                                                                                                                                                                                              • StrokePath.GDI32(?), ref: 00178AA0
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: 8c940fa2ea4056c9a127ab699c216ddc47482d3ef068b0b9f7b2d711774ee0c1
• Instruction ID: af9c197eb5be5e4a3e24b6fadf895f3f404ba80c2e801a35f21fe51f35a62cc3
• Opcode Fuzzy Hash: 8c940fa2ea4056c9a127ab699c216ddc47482d3ef068b0b9f7b2d711774ee0c1
• Instruction Fuzzy Hash: 9311057604014CFFEB129F90DC88EAA7F6DEB08354F008026BA199A5A1C7719E95DFA0
APIs
• GetDC.USER32(00000000), ref: 00145218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00145229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00145230
• ReleaseDC.USER32(00000000,00000000), ref: 00145238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 0014524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 00145261
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
• Opcode ID: eb9a1ddd0d02cce1cce12b8e3fc5e40ec1f93b21d83cb3a19585289546839c3b
• Instruction ID: 5ceb50033cb1879e80703e77f88dcd1c6ff7a8fadd3395fc6850ca19cb17d282
• Opcode Fuzzy Hash: eb9a1ddd0d02cce1cce12b8e3fc5e40ec1f93b21d83cb3a19585289546839c3b
• Instruction Fuzzy Hash: DE014F75E40718BBEB109BA59C49E5EBFB9EF48751F04406AFA08A7691D6709840CBA0
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 000E1BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 000E1BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 000E1C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 000E1C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 000E1C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 000E1C22
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
• Opcode ID: aabe9c89f069a1ff2c2809b27e9ea0d5edb960881fc2925d8cc55deba32ed4dc
• Instruction ID: e03b68ce8a664efdfac3af10f58d73c37d6e1c1c9b717b5af4d76ab09cc64d67
• Opcode Fuzzy Hash: aabe9c89f069a1ff2c2809b27e9ea0d5edb960881fc2925d8cc55deba32ed4dc
• Instruction Fuzzy Hash: 370148B09027597DE3008F5A8C85A52FEA8FF19754F00411BA15C47A41C7B5A8A4CBE5
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0014EB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0014EB46
• GetWindowThreadProcessId.USER32(?,?), ref: 0014EB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0014EB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0014EB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0014EB75
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 839392675-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 347aa783ca29a06e375f04b69bf4c0652a56168bf5c717540ae5e22e95fec1c7
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d970a522575c185e5c3347a48ce429b42328ef1bcc0573309da4e21c34c13de5
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 347aa783ca29a06e375f04b69bf4c0652a56168bf5c717540ae5e22e95fec1c7
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 29F05E72240158BBE7215B629C4EEEF3E7CEFCAB11F00016CF605E1591E7A05A81CAF5
APIs
• GetClientRect.USER32(?), ref: 00137452
• SendMessageW.USER32(?,00001328,00000000,?), ref: 00137469
• GetWindowDC.USER32(?), ref: 00137475
• GetPixel.GDI32(00000000,?,?), ref: 00137484
• ReleaseDC.USER32(?,00000000), ref: 00137496
• GetSysColor.USER32(00000005), ref: 001374B0
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
• Opcode ID: 14db671bcd74e1a598a9e02c922ce4e03460950632f3a517e554ded4f285d545
• Instruction ID: c212186a85eb7ae79f4b20a657ef3746545406a621217e9c9114616253534d99
• Opcode Fuzzy Hash: 14db671bcd74e1a598a9e02c922ce4e03460950632f3a517e554ded4f285d545
• Instruction Fuzzy Hash: B2014B31504215EFEB616F64DC08BEABBB6FB04321F510168F91AA25A1CB312ED1AB90
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 0014187F
• UnloadUserProfile.USERENV(?,?), ref: 0014188B
• CloseHandle.KERNEL32(?), ref: 00141894
• CloseHandle.KERNEL32(?), ref: 0014189C
• GetProcessHeap.KERNEL32(00000000,?), ref: 001418A5
• HeapFree.KERNEL32(00000000), ref: 001418AC
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
• Opcode ID: 38cdd4a2e2237d53a8649d48be79a78fb5ca899888cb6518b32a2741f6be87d7
• Instruction ID: a7bda341ab89a8fd79e94f6beb4109795fce94fd2ce21a0dae0c0602d6f6bbaa
• Opcode Fuzzy Hash: 38cdd4a2e2237d53a8649d48be79a78fb5ca899888cb6518b32a2741f6be87d7
• Instruction Fuzzy Hash: 07E07576104505FBEB015FA5ED0C94ABF79FF49B22B508629F22991871CB3294E1DF90
APIs
  • Part of subcall function 000E7620: _wcslen.LIBCMT ref: 000E7625
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0014C6EE
• _wcslen.LIBCMT ref: 0014C735
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0014C79C
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0014C7CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ItemMenu$Info_wcslen$Default
• String ID: 0
• API String ID: 1227352736-4108050209
• Opcode ID: cab2246aafed9461d187b1f03ba28be046b1244f9a8f33101b3d140721790688
• Instruction ID: c0a9c59d56c9f8eaa46dab977450ed5eb86c750dfde2996a30e19a27ca502d02
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cab2246aafed9461d187b1f03ba28be046b1244f9a8f33101b3d140721790688
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9C51F0726063419BD7949F28C885BBBB7E8AF49315F040A2DF995E32B1DB70D844CBD2
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • ShellExecuteExW.SHELL32(0000003C), ref: 0016AEA3
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E7620: _wcslen.LIBCMT ref: 000E7625
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessId.KERNEL32(00000000), ref: 0016AF38
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0016AF67
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: <$@
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 580b9035a81d174658d6075739af1174b8fc61ca104e43604811b8e0c939e5af
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6b6995750cf5d642d9cc1b79018b5e10fbc2b65f005b0d442bbe1174c41a6c97
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 580b9035a81d174658d6075739af1174b8fc61ca104e43604811b8e0c939e5af
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FA716671A00659DFCB14DF65C884A9EBBF0BF08310F448499E81AAB3A2CB71ED41CF91
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00147206
                                                                                                                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0014723C
                                                                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0014724D
                                                                                                                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 001472CF
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                                                                                                                              • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 03ce1db4fd26dcc1307509e52c9d547d59903ea42e526d39ed953362d0fd05c4
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4a35da40e4cbc9033440ef6f4c3dd217cce8d29acf32800452fd0fa8f486f3d0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 03ce1db4fd26dcc1307509e52c9d547d59903ea42e526d39ed953362d0fd05c4
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0D416171604204EFDB15CF64C884EAA7BB9EF44310F1580ADBD099F29AD7F1DA45CBA0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00173E35
                                                                                                                                                                                                                                                                                                                                                                              • IsMenu.USER32(?), ref: 00173E4A
                                                                                                                                                                                                                                                                                                                                                                              • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00173E92
                                                                                                                                                                                                                                                                                                                                                                              • DrawMenuBar.USER32 ref: 00173EA5
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Menu$Item$DrawInfoInsert
• String ID: 0
• API String ID: 3076010158-4108050209
• Opcode ID: 06bd67859aaafb92c9bce292863bbab74c6d2e186fc0ae1e97b139c559c603c3
• Instruction ID: ef1614cd3712485011dfbec0b9bfb712f1e86f9f777c2f0be1e50c6131058c9a
• Opcode Fuzzy Hash: 06bd67859aaafb92c9bce292863bbab74c6d2e186fc0ae1e97b139c559c603c3
• Instruction Fuzzy Hash: 87415B75A01209EFDB10DF50D884EEABBB5FF49354F048129F919A7250DB30AE45DF90
APIs
  • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
  • Part of subcall function 00143CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00143CCA
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00141E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00141E79
• SendMessageW.USER32(?,00000189,?,00000000), ref: 00141EA9
  • Part of subcall function 000E6B57: _wcslen.LIBCMT ref: 000E6B6A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend$_wcslen$ClassName
• String ID: ComboBox$ListBox
• API String ID: 2081771294-1403004172
• Opcode ID: 21478ba26e8b24d688b5eb9c6e1b10e2d27802d2e00bca74e56dec83c8720203
• Instruction ID: 771b3c50dc522558d8ad7ec46e002d493507ceb9068c61c01014ba93bcfd544d
• Opcode Fuzzy Hash: 21478ba26e8b24d688b5eb9c6e1b10e2d27802d2e00bca74e56dec83c8720203
• Instruction Fuzzy Hash: FD216875A00104BEDB19ABA5DC86CFFB7B9EF42350B50411DF825B32F2EB344D8A8620
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00172F8D
• LoadLibraryW.KERNEL32(?), ref: 00172F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00172FA9
• DestroyWindow.USER32(?), ref: 00172FB1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
• API String ID: 3529120543-1011021900
• Opcode ID: 5b6b80d9cce0217fd3660733058f9469d25ca84bb2b381ca5f247475c81d6d96
• Instruction ID: fa275cf67f889ca066f60fbcf53bcf7840a1515d63ba7a0e3196093c28f64639
• Opcode Fuzzy Hash: 5b6b80d9cce0217fd3660733058f9469d25ca84bb2b381ca5f247475c81d6d96
• Instruction Fuzzy Hash: BA218C72204205ABEB104F64DC80EBB77B9EB59364F108619F958D6190D771DC929760
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00104D1E,001128E9,?,00104CBE,001128E9,001A88B8,0000000C,00104E15,001128E9,00000002), ref: 00104D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00104DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,00104D1E,001128E9,?,00104CBE,001128E9,001A88B8,0000000C,00104E15,001128E9,00000002,00000000), ref: 00104DC3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: d94faedcf87e2eaf33df1d3a57e1f9853e8e69d310652498fdaa621b03c88d51
• Instruction ID: f16e31c7d783e2ee13ee89b768f70cbc0747cf519153020f00cfdc88043512d0
• Opcode Fuzzy Hash: d94faedcf87e2eaf33df1d3a57e1f9853e8e69d310652498fdaa621b03c88d51
• Instruction Fuzzy Hash: 1DF04F75A40208FBDB119F94DC49BEDBBB5EF58751F4400A8F949A26A0CB705AC0CBD1
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,000E4EDD,?,001B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 000E4E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 000E4EAE
• FreeLibrary.KERNEL32(00000000,?,?,000E4EDD,?,001B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 000E4EC0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a0d5a6b7986f722ed12e084b8133e1474ca76431b23078193e979887062665eb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: abc9974678ad0e4bcdd4b4c6cdf3aef375d175d8c3719d3eecd6578b4227ae3c
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a0d5a6b7986f722ed12e084b8133e1474ca76431b23078193e979887062665eb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C5E0CD35E015629FD2711B2A6C18B5FA6F4AFC1F62B050129FC08F3700DB60CD8185E0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00123CDE,?,001B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 000E4E62
                                                                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 000E4E74
                                                                                                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00123CDE,?,001B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 000E4E87
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 145871493-1355242751
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: fbbbd98da796957b3d89b583a7c39815a5f2b914336d614a766d286501ee56a8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 255a4afc599c5e24859213285951522deb2beab0e812acbccc04e013d7b31346
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fbbbd98da796957b3d89b583a7c39815a5f2b914336d614a766d286501ee56a8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F4D05B359027719B96761B2A7C1CECF6AB8AF8AF513494539F909F3614CF60CE81C5D0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00152C05
                                                                                                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?), ref: 00152C87
                                                                                                                                                                                                                                                                                                                                                                              • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00152C9D
                                                                                                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00152CAE
                                                                                                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00152CC0
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: File$Delete$Copy
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3226157194-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d6e0ac2ef18ce7323d452c7032075bfd4f9c56e9597b2f8a97839ec116eef6e1
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 94513efb5f6a419de7ec9199e7e566a886af90c79491df4182b4295ef9955421
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6e0ac2ef18ce7323d452c7032075bfd4f9c56e9597b2f8a97839ec116eef6e1
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D8B17072A00119ABDF25DBA4CC85EDE77BDEF59301F1040A6F919EB142EB309A488F61
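Each "APIs" record above describes one function in the dumped image by its Win32 call chain. The two records at 000E4E9C and 000E4E62 show that the sample reaches Wow64DisableWow64FsRedirection and Wow64RevertWow64FsRedirection at run time through LoadLibraryA/GetProcAddress rather than through its import table; that pair is what 32-bit code calls to see the real System32 on 64-bit Windows, and the report's own signature list does not single it out, so it is easy to miss when reading a long IDA-plugin listing by eye. As an added example, not part of the Joe Sandbox report, the Python script below parses records in this format, lists every export resolved through a LoadLibrary*/GetProcAddress chain with the DLL it was loaded from, and flags the DeleteFileW, CopyFileW, DeleteFileW file-replacement sequence seen at 00152C05. The SAMPLE text is constructed from lines of this report, trimmed to the fields the parser needs; the function and field names are the example's own.

```python
"""Parse Joe Sandbox IDA-plugin "APIs" records and flag two call patterns:
dynamic export resolution (LoadLibrary* -> GetProcAddress) and the
DeleteFileW -> CopyFileW -> DeleteFileW file-replacement sequence.
Added example, not report code; SAMPLE is constructed from this report's lines."""
import re
from dataclasses import dataclass, field

SAMPLE = """\
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,000E4EDD,?,001B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 000E4E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 000E4EAE
• FreeLibrary.KERNEL32(00000000,?,?,000E4EDD,?,001B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 000E4EC0
Strings
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 145871493-3689287502
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00123CDE,?,001B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 000E4E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 000E4E74
• FreeLibrary.KERNEL32(00000000,?,?,00123CDE,?,001B1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 000E4E87
Similarity
• API String ID: 145871493-1355242751
APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001), ref: 00152C05
• DeleteFileW.KERNEL32(?), ref: 00152C87
• CopyFileW.KERNEL32(?,?,00000000), ref: 00152C9D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001), ref: 00152CAE
Similarity
• API ID: File$Delete$Copy
• API String ID: 3226157194-0
APIs
• GetCurrentProcessId.KERNEL32 ref: 0016A427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0016A435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 0016A468
• CloseHandle.KERNEL32(?), ref: 0016A63D
"""

# One call line. The argument list is optional (GetCurrentProcessId has none).
API_RE = re.compile(
    r"^•\s*(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
FIELD_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<value>.*)$")
HEX32_RE = re.compile(r"^[0-9A-Fa-f]{8}$")  # a raw pointer/handle, not a name


@dataclass
class Call:
    name: str
    module: str
    args: list
    ref: str  # address of the call site inside the dumped image


@dataclass
class Record:
    calls: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)  # Similarity / dump-source fields


def parse_records(text):
    """Split report text into one Record per 'APIs' block."""
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("•"):  # a section header
            section = line
            if line == "APIs":  # each function record starts here
                current = Record()
                records.append(current)
            continue
        if current is None:
            continue
        m = API_RE.match(line) if section == "APIs" else None
        if m:
            args = m["args"].split(",") if m["args"] else []
            current.calls.append(Call(m["name"], m["module"], args, m["ref"]))
            continue
        f = FIELD_RE.match(line)
        if f:
            current.fields[f["key"]] = f["value"]
    return records


def resolved_exports(record):
    """(dll, export) pairs for each GetProcAddress whose name argument is readable.
    The DLL is the first argument of the closest preceding LoadLibrary* call."""
    dll, pairs = None, []
    for c in record.calls:
        if c.name.startswith("LoadLibrary") and c.args:
            dll = c.args[0]
        elif c.name == "GetProcAddress" and len(c.args) >= 2:
            export = c.args[1]
            if export != "?" and not HEX32_RE.match(export):
                pairs.append((dll, export))
    return pairs


def dynamic_resolution_report(text):
    """export name -> {dll, ref of the resolving function's first call, API String ID}."""
    out = {}
    for rec in parse_records(text):
        for dll, export in resolved_exports(rec):
            out[export] = {"dll": dll, "ref": rec.calls[0].ref,
                           "api_string_id": rec.fields.get("API String ID")}
    return out


def has_sequence(record, *names):
    """True if the record's calls contain names in this order (gaps allowed)."""
    it = iter(c.name for c in record.calls)
    return all(any(n == x for x in it) for n in names)


def file_replace_records(text):
    """First call-site ref of each record that deletes, copies, then deletes again."""
    return [rec.calls[0].ref for rec in parse_records(text)
            if has_sequence(rec, "DeleteFileW", "CopyFileW", "DeleteFileW")]


if __name__ == "__main__":
    for export, info in dynamic_resolution_report(SAMPLE).items():
        print(f"{info['ref']}: resolves {info['dll']}!{export}")
    print("delete/copy/delete at:", file_replace_records(SAMPLE))
```

Run against a full report export, the same two functions surface as the only ones that resolve exports by name; everything else in the listing goes through the import table. The argument strings are taken from the report as-is, so a "?" or an 8-digit hex value in GetProcAddress's second argument (an ordinal or an unresolved pointer) is deliberately not reported as an export name.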
APIs
• GetCurrentProcessId.KERNEL32 ref: 0016A427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0016A435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 0016A468
• CloseHandle.KERNEL32(?), ref: 0016A63D
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3488606520-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7a1720190c093346395d329a951b1f3dc9e80be727e2714ce99269293c8f4bd2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c1be067e4862aa488c6be5ada1f1d150cecab2dd230bd4f8956bff0ba417447a
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a1720190c093346395d329a951b1f3dc9e80be727e2714ce99269293c8f4bd2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 24A1C1716043019FE720DF24DC82F6AB7E1AF84714F54881DF55AAB293DBB1EC418B92
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00183700), ref: 0011BB91
                                                                                                                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,001B121C,000000FF,00000000,0000003F,00000000,?,?), ref: 0011BC09
                                                                                                                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,001B1270,000000FF,?,0000003F,00000000,?), ref: 0011BC36
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0011BB7F
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 001129C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0011D7D1,00000000,00000000,00000000,00000000,?,0011D7F8,00000000,00000007,00000000,?,0011DBF5,00000000), ref: 001129DE
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 001129C8: GetLastError.KERNEL32(00000000,?,0011D7D1,00000000,00000000,00000000,00000000,?,0011D7F8,00000000,00000007,00000000,?,0011DBF5,00000000,00000000), ref: 001129F0
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0011BD4B
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1286116820-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1e7103c80db1dff2977f0377667bf159ed50f77283f17ac2c816a73813ffa7c8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a31910da9ff680f0a8d4301af46ccbaae09fd37bff80725cdbb291edc8dede86
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e7103c80db1dff2977f0377667bf159ed50f77283f17ac2c816a73813ffa7c8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6051D871908209AFCB18EF65DCC19EEB7B8BF54310B6102BAE464D7591DB305ED08B90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0014CF22,?), ref: 0014DDFD
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0014CF22,?), ref: 0014DE16
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014E199: GetFileAttributesW.KERNEL32(?,0014CF95), ref: 0014E19A
                                                                                                                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(?,?), ref: 0014E473
                                                                                                                                                                                                                                                                                                                                                                              • MoveFileW.KERNEL32(?,?), ref: 0014E4AC
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0014E5EB
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0014E603
                                                                                                                                                                                                                                                                                                                                                                              • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0014E650
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d436a471f1b82f3b8cb08541756f7046167cddf836ba1f415a7b5b64805d118f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: afeab50fcf176e64adbe8ba5b6b44b8a60a997bdb9d82c955a563fb1c3ef342d
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d436a471f1b82f3b8cb08541756f7046167cddf836ba1f415a7b5b64805d118f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 425153B25083859FC724EB90DC819DB73ECAF94340F44491EF589D31A2EF74A588CB66
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0016C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0016B6AE,?,?), ref: 0016C9B5
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0016C998: _wcslen.LIBCMT ref: 0016C9F1
  • Part of subcall function 0016C998: _wcslen.LIBCMT ref: 0016CA68
  • Part of subcall function 0016C998: _wcslen.LIBCMT ref: 0016CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0016BAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0016BB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0016BB63
• RegCloseKey.ADVAPI32(?,?), ref: 0016BBA6
• RegCloseKey.ADVAPI32(00000000), ref: 0016BBB3
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
• Opcode ID: bf5351c081526e3e5433666b15c769eb4fe689b10d71b4125924c637d7690ca9
• Instruction ID: 1e42263e5e20229016d45a80296d127e81ac6be1c424e8c5341689a9fd37b316
• Opcode Fuzzy Hash: bf5351c081526e3e5433666b15c769eb4fe689b10d71b4125924c637d7690ca9
• Instruction Fuzzy Hash: B5618F31208241AFD714DF64C8D1E6ABBE5FF84308F54895CF4998B2A2DB31ED85CB92
APIs
• VariantInit.OLEAUT32(?), ref: 00148BCD
• VariantClear.OLEAUT32 ref: 00148C3E
• VariantClear.OLEAUT32 ref: 00148C9D
• VariantClear.OLEAUT32(?), ref: 00148D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00148D3B
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
• Opcode ID: 69c4cdd8bc3fde9a5600e2f10564f8e7ee682ef35e32860a0db3e2bc128de47c
• Instruction ID: 07a953415e4a6e84f65ea156670234a52263aea1874658e48a2150aeb02f40fd
• Opcode Fuzzy Hash: 69c4cdd8bc3fde9a5600e2f10564f8e7ee682ef35e32860a0db3e2bc128de47c
• Instruction Fuzzy Hash: A1515AB5A01219EFCB14CF68C894AAAB7F8FF89314B158559E909DB360E730E911CF90
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00158BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00158BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00158C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00158C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00158C5F
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: e72d43cb8c3a3ee6cf22e4df708980a721ea4b41b937b1d2a4d31ca1eda4cb63
• Instruction ID: 9f7b196e7ed88b362cabd805598378159f4a3bcf0e772f027e304cf9cf3b4eb4
• Opcode Fuzzy Hash: e72d43cb8c3a3ee6cf22e4df708980a721ea4b41b937b1d2a4d31ca1eda4cb63
• Instruction Fuzzy Hash: 86513835A00619EFCB05DF65C881AAEBBF5FF48314F088458E859AB362DB31ED55CB90
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00168F40
• GetProcAddress.KERNEL32(00000000,?), ref: 00168FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00168FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 00169032
• FreeLibrary.KERNEL32(00000000), ref: 00169052
  • Part of subcall function 000FF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00151043,?,7644E610), ref: 000FF6E6
  • Part of subcall function 000FF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0013FA64,00000000,00000000,?,?,00151043,?,7644E610,?,0013FA64), ref: 000FF70D
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 666041331-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 860b5662198bb95fb378977bbea60daf46e142fae332faac90bd57d3b068fa46
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2f2c692f775602c35b1eb2f81611cf35050bfeee3fcbef14495b35a768330bb2
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 860b5662198bb95fb378977bbea60daf46e142fae332faac90bd57d3b068fa46
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D7515A35600245DFCB14DF68C8848EDBBF5FF49314B4981A8E80AAB762DB31ED85CB90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00176C33
                                                                                                                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000EC,?), ref: 00176C4A
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00176C73
                                                                                                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0015AB79,00000000,00000000), ref: 00176C98
                                                                                                                                                                                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00176CC7
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3688381893-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 474a42f9088c1c0b87fe5d33e2eebc0faeaf42ee9b0e75c9ebe4f07a0972b99f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: fd09000fb3d1249197755839b88ad93374dc801202fdcb1c158d7719b345cc0d
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 474a42f9088c1c0b87fe5d33e2eebc0faeaf42ee9b0e75c9ebe4f07a0972b99f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7941D435604504AFD725CF38CC58FE97BB5EB0A350F158268F89DA72E0C771AD81DA80
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _free
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 963382a8eae740d8eb5af73e5e2ad3f05533904e93badad0d7c02846d7c6e385
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: cd8e0e338dd325878959cc66da88e1ec8c25b0fe4e0fd25736d6f95da834a1f7
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 963382a8eae740d8eb5af73e5e2ad3f05533904e93badad0d7c02846d7c6e385
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8D41D336A00204AFCB28DF78C981AADB7F5EF89314F154578E615EB392DB31AD51CB80
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 000F9141
                                                                                                                                                                                                                                                                                                                                                                              • ScreenToClient.USER32(00000000,?), ref: 000F915E
                                                                                                                                                                                                                                                                                                                                                                              • GetAsyncKeyState.USER32(00000001), ref: 000F9183
                                                                                                                                                                                                                                                                                                                                                                              • GetAsyncKeyState.USER32(00000002), ref: 000F919D
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
APIs
• GetInputState.USER32 ref: 001538CB
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 00153922
• TranslateMessage.USER32(?), ref: 0015394B
• DispatchMessageW.USER32(?), ref: 00153955
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00153966
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchInputPeekState
• String ID:
• API String ID: 2256411358-0
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0015C21E,00000000), ref: 0015CF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 0015CF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,0015C21E,00000000), ref: 0015CFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,0015C21E,00000000), ref: 0015CFC8
• SetEvent.KERNEL32(?,?,00000000,?,?,?,0015C21E,00000000), ref: 0015CFF2
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
APIs
• GetWindowRect.USER32(?,?), ref: 00141915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 001419C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 001419C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 001419DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 001419E2
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 00175745
• SendMessageW.USER32(?,00001074,?,00000001), ref: 0017579D
• _wcslen.LIBCMT ref: 001757AF
• _wcslen.LIBCMT ref: 001757BA
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00175816
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend$_wcslen
• String ID:
• API String ID: 763830540-0
• Opcode ID: 3e985de87a6d1120a9608e623f89f1c5899f00ad148afabac393a174d0368993
• Instruction ID: 6293481757e6ad4da9f415451a325699c0d83d99ef786f7af1f7bf1541e82048
• Opcode Fuzzy Hash: 3e985de87a6d1120a9608e623f89f1c5899f00ad148afabac393a174d0368993
• Instruction Fuzzy Hash: 682165759046189ADB209FA4CC85AEE7BB9FF14724F50C21AFA1DEA1C0E7B099C5CF50
APIs
• IsWindow.USER32(00000000), ref: 00160951
• GetForegroundWindow.USER32 ref: 00160968
• GetDC.USER32(00000000), ref: 001609A4
• GetPixel.GDI32(00000000,?,00000003), ref: 001609B0
• ReleaseDC.USER32(00000000,00000003), ref: 001609E8
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
• Opcode ID: 9d8bc42672f1689895a3472810a4ff54b89cf35ac48201cd1c06dfe4462b5bd8
• Instruction ID: 2c59f3612117cdc29282a5b16dfb3b03d5d000fb34ada475a37f79205726e9b7
• Opcode Fuzzy Hash: 9d8bc42672f1689895a3472810a4ff54b89cf35ac48201cd1c06dfe4462b5bd8
• Instruction Fuzzy Hash: 8B216F35600214AFD704EF65DC85AAEBBF5EF48701F14846CF85AA7752DB70AD44CB90
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 0011CDC6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0011CDE9
  • Part of subcall function 00113820: RtlAllocateHeap.NTDLL(00000000,?,001B1444,?,000FFDF5,?,?,000EA976,00000010,001B1440,000E13FC,?,000E13C6,?,000E1129), ref: 00113852
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0011CE0F
• _free.LIBCMT ref: 0011CE22
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0011CE31
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
• Opcode ID: fe1f66323585b97cd340666a6cea9140e1534c6ac8b755057a40374c6941ed60
• Instruction ID: 1ca913e422e0c4c6c78887ff5abb46c7247a1e872ce9bf7bc170c4cd8bcd474d
• Opcode Fuzzy Hash: fe1f66323585b97cd340666a6cea9140e1534c6ac8b755057a40374c6941ed60
• Instruction Fuzzy Hash: A80184726422157F272916BA6C89DFF6D6EEFC6BA1315013DF909C7201EB618D9181F0
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 000F9693
• SelectObject.GDI32(?,00000000), ref: 000F96A2
• BeginPath.GDI32(?), ref: 000F96B9
• SelectObject.GDI32(?,00000000), ref: 000F96E2
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6f26502fbdf8e76887d3eb94c82d80aaf124e4890ef0b0623ff6af4a519e961a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0f695620f9a0c309a9a08a1e1650328e99120c5dd03b7031d38a16b17c0a5b01
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f26502fbdf8e76887d3eb94c82d80aaf124e4890ef0b0623ff6af4a519e961a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A217C70802349FBDB219F24EC287B93BB9BB0032AF51031AF514A69B0D37098D1DB94
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2e4e38696b8439fba8df52f8532ce97d4f9e7af90870be196d286ad27598eec4
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: ba232ddc1756aadd39fe7f4cd5789c60907fbf00efb3e1af781ced7945a9ade5
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e4e38696b8439fba8df52f8532ce97d4f9e7af90870be196d286ad27598eec4
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 810196B1641605BBE30855109E42EBB736EAB213A5B808035FD089F293F764ED12C2B1
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0013FF41,80070057,?,?,?,0014035E), ref: 0014002B
                                                                                                                                                                                                                                                                                                                                                                              • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0013FF41,80070057,?,?), ref: 00140046
                                                                                                                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0013FF41,80070057,?,?), ref: 00140054
                                                                                                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0013FF41,80070057,?), ref: 00140064
                                                                                                                                                                                                                                                                                                                                                                              • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0013FF41,80070057,?,?), ref: 00140070
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2a8dd84acbd3f2463b0280d05754d2fbda305005e60f61f2cf58fc261e13967c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9cf5c7151632995a85d5fbc5732a20f846e81b898dc132985ca9b0023211efdc
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a8dd84acbd3f2463b0280d05754d2fbda305005e60f61f2cf58fc261e13967c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A4016276600214BFDB224F6ADC44BAA7AFDEF48791F144128FE09D7220D775DE809BA0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 0014E997
                                                                                                                                                                                                                                                                                                                                                                              • QueryPerformanceFrequency.KERNEL32(?), ref: 0014E9A5
                                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000), ref: 0014E9AD
                                                                                                                                                                                                                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 0014E9B7
                                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32 ref: 0014E9F3
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
• String ID:
• API String ID: 2833360925-0
• Opcode ID: 7de09f1a7cac8d17f66daaa9c72a19e1764c729641574919951ff312221a307f
• Instruction ID: 3a7ecfa11c0f28e5dd9ee3fe9ae0c7bc704ab9e2b41d720797cb007a03e7ab3e
• Opcode Fuzzy Hash: 7de09f1a7cac8d17f66daaa9c72a19e1764c729641574919951ff312221a307f
• Instruction Fuzzy Hash: 9D014C31C0162DDBCF04AFE5DC69AEDBBB8FF09715F41055AE502B22A1DB309594CBA1
APIs
• GetUserObjectSecurity.USER32(?,00000004 (DACL_SECURITY_INFORMATION),?,00000000,?), ref: 00141114
• GetLastError.KERNEL32(?,00000000,00000000,?,?,00140B9B,?,?,?), ref: 00141120
• GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00140B9B,?,?,?), ref: 0014112F
• HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00140B9B,?,?,?), ref: 00141136
• GetUserObjectSecurity.USER32(?,00000004 (DACL_SECURITY_INFORMATION),00000000,?,?), ref: 0014114D
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: HeapObjectSecurityUser$AllocErrorLastProcess
• String ID:
• API String ID: 842720411-0
• Opcode ID: 3129621cb2eb7ebe50de28951e689989c7071d476bc7ca10e915bcbe4b66650b
• Instruction ID: 049d5e8321588a92647b2b1c50a0a5203a26251c4163f1da310bb4be79900589
• Opcode Fuzzy Hash: 3129621cb2eb7ebe50de28951e689989c7071d476bc7ca10e915bcbe4b66650b
• Instruction Fuzzy Hash: 01013779200205BFDB154FA5DC49E6A3F7EEF897A1B244429FA49D7360DB31DCC09AA0
APIs
• GetTokenInformation.ADVAPI32(?,00000002 (TokenGroups),?,00000000,?), ref: 00140FCA
• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00140FD6
• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00140FE5
• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00140FEC
• GetTokenInformation.ADVAPI32(?,00000002 (TokenGroups),00000000,?,?,?,00000002,?,00000000,?), ref: 00141002
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: cfddcdbcd8867d1f37b73cf6b85f9872c79b7c7150afdd25b1aa2687e7598878
• Instruction ID: 72bc33360a50d9d9021a29bf4d1a4c05d16ce3941961339709bffe02f812e0a1
• Opcode Fuzzy Hash: cfddcdbcd8867d1f37b73cf6b85f9872c79b7c7150afdd25b1aa2687e7598878
• Instruction Fuzzy Hash: 33F04979200301FBDB214FA4AC49F563FBDEF89762F604428FA49D7261CA70DCC08AA0
APIs
• GetTokenInformation.ADVAPI32(?,00000003 (TokenPrivileges; TOKEN_INFORMATION_CLASS value 3, the plugin's original label TokenIntegrityLevel corresponds to value 25),?,00000000,?), ref: 0014102A
• GetLastError.KERNEL32(?,TokenPrivileges,?,00000000,?), ref: 00141036
• GetProcessHeap.KERNEL32(00000008,?,?,TokenPrivileges,?,00000000,?), ref: 00141045
• HeapAlloc.KERNEL32(00000000,?,TokenPrivileges,?,00000000,?), ref: 0014104C
• GetTokenInformation.ADVAPI32(?,00000003 (TokenPrivileges),00000000,?,?,?,TokenPrivileges,?,00000000,?), ref: 00141062
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: 32b00c7f5d752a7f2b051905be879f2c2d778ae57af938db1745917d4676f67d
• Instruction ID: abd62440fb54c2f7525623d932d5b0627fd959ad7b7fca4ba1175421e1a6382f
• Opcode Fuzzy Hash: 32b00c7f5d752a7f2b051905be879f2c2d778ae57af938db1745917d4676f67d
• Instruction Fuzzy Hash: 24F04939200301FBDB215FA4EC49F563BBDEF89761F200828FA4DD7260CA70D8D08AA0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,0015017D,?,001532FC,?,00000001,00122592,?), ref: 00150324
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,0015017D,?,001532FC,?,00000001,00122592,?), ref: 00150331
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,0015017D,?,001532FC,?,00000001,00122592,?), ref: 0015033E
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,0015017D,?,001532FC,?,00000001,00122592,?), ref: 0015034B
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,0015017D,?,001532FC,?,00000001,00122592,?), ref: 00150358
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,0015017D,?,001532FC,?,00000001,00122592,?), ref: 00150365
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 674d665eeab2ea16d94dfe7bc7f84efa26fcd642d25abfec173df3cc498fb2fb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 691d17700bb41d8312b76fce37f0d69737d337facc65175983cdc06452c77d61
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 674d665eeab2ea16d94dfe7bc7f84efa26fcd642d25abfec173df3cc498fb2fb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A101A272800B15DFC7319FA6D880412F7F5BF543163158A3FD1A652931C371A998CF80
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0011D752
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 001129C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0011D7D1,00000000,00000000,00000000,00000000,?,0011D7F8,00000000,00000007,00000000,?,0011DBF5,00000000), ref: 001129DE
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 001129C8: GetLastError.KERNEL32(00000000,?,0011D7D1,00000000,00000000,00000000,00000000,?,0011D7F8,00000000,00000007,00000000,?,0011DBF5,00000000,00000000), ref: 001129F0
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0011D764
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0011D776
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0011D788
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0011D79A
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 001da1c31f129ab9e92b2cdeaa82faf45c7bcc4e15a50ac2b3ed53f265831376
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 13799edca9b0e54c7bc2881df8d1387d7e1d85971183b8d0f403e20b291c0a2a
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 001da1c31f129ab9e92b2cdeaa82faf45c7bcc4e15a50ac2b3ed53f265831376
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E3F09632500218ABC629FB68F9C6C9777DDBB05728B940C25F048DB941CB34FCD086E0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E9), ref: 00145C58
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowTextW.USER32(00000000,?,00000100), ref: 00145C6F
                                                                                                                                                                                                                                                                                                                                                                              • MessageBeep.USER32(00000000), ref: 00145C87
                                                                                                                                                                                                                                                                                                                                                                              • KillTimer.USER32(?,0000040A), ref: 00145CA3
                                                                                                                                                                                                                                                                                                                                                                              • EndDialog.USER32(?,00000001), ref: 00145CBD
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: 144a5009956f2be2d43be7345c1661c2c89bcc43f3725151b91abb8f59adb189
• Instruction ID: 6666824cd00f67a142ef1f5653cb2bd821d22fa3e0569906d05d6dba1dcc0d71
• Opcode Fuzzy Hash: 144a5009956f2be2d43be7345c1661c2c89bcc43f3725151b91abb8f59adb189
• Instruction Fuzzy Hash: 18016D30500B04ABEB255B10ED8EFA67BBDBB00B06F00055DB587A15E2DBF0A9C48BD1
APIs
• _free.LIBCMT ref: 001122BE
  • Part of subcall function 001129C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0011D7D1,00000000,00000000,00000000,00000000,?,0011D7F8,00000000,00000007,00000000,?,0011DBF5,00000000), ref: 001129DE
  • Part of subcall function 001129C8: GetLastError.KERNEL32(00000000,?,0011D7D1,00000000,00000000,00000000,00000000,?,0011D7F8,00000000,00000007,00000000,?,0011DBF5,00000000,00000000), ref: 001129F0
• _free.LIBCMT ref: 001122D0
• _free.LIBCMT ref: 001122E3
• _free.LIBCMT ref: 001122F4
• _free.LIBCMT ref: 00112305
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: ee10dedb5bbc38608769af7a3d7c1fc3e97bd7d3e7c936c662f49d3d2a0e3470
• Instruction ID: 21b4fb8285657f43c6e44a0ffdd2925c1058f11ad269f07172d47e3779624410
• Opcode Fuzzy Hash: ee10dedb5bbc38608769af7a3d7c1fc3e97bd7d3e7c936c662f49d3d2a0e3470
• Instruction Fuzzy Hash: 72F05EB59001249B861BBF58BC018AD3B64F729B60751076AF410DBBB1C73448F1AFE4
APIs
• EndPath.GDI32(?), ref: 000F95D4
• StrokeAndFillPath.GDI32(?,?,001371F7,00000000,?,?,?), ref: 000F95F0
• SelectObject.GDI32(?,00000000), ref: 000F9603
• DeleteObject.GDI32 ref: 000F9616
• StrokePath.GDI32(?), ref: 000F9631
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
• Opcode ID: 23ad8779f1dabd3e30f459ceabeba5ad67f9fa6f16408308b627de59ba33d8c7
• Instruction ID: 5456c016605972763e5432d089d1ff91ccde5dde5e5b2f1b4c88f0b2f5937b18
• Opcode Fuzzy Hash: 23ad8779f1dabd3e30f459ceabeba5ad67f9fa6f16408308b627de59ba33d8c7
• Instruction Fuzzy Hash: FAF03C34005748EBDB225F65ED2C7B83BB5AB0032AF548318F529958F0C73089D1EFA0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: __freea$_free
• String ID: a/p$am/pm
• API String ID: 3432400110-3206640213
• Opcode ID: fda1d78468693c0e8e47e0e09ed4764c52adcb5a21560b71789e193ec2b5e70b
• Instruction ID: 302916a100aa0642fa6d737f39c036d92f7682855bd4fb929040951083cecc8c
• Opcode Fuzzy Hash: fda1d78468693c0e8e47e0e09ed4764c52adcb5a21560b71789e193ec2b5e70b
• Instruction Fuzzy Hash: DCD1CE31924206BACB2C9F68C845AFAF7B1FF15310F290179EB219B654E3759DC0CB91
APIs
  • Part of subcall function 00100242: EnterCriticalSection.KERNEL32(001B070C,001B1884,?,?,000F198B,001B2518,?,?,?,000E12F9,00000000), ref: 0010024D
  • Part of subcall function 00100242: LeaveCriticalSection.KERNEL32(001B070C,?,000F198B,001B2518,?,?,?,000E12F9,00000000), ref: 0010028A
  • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
  • Part of subcall function 001000A3: __onexit.LIBCMT ref: 001000A9
• __Init_thread_footer.LIBCMT ref: 00167BFB
  • Part of subcall function 001001F8: EnterCriticalSection.KERNEL32(001B070C,?,?,000F8747,001B2514), ref: 00100202
  • Part of subcall function 001001F8: LeaveCriticalSection.KERNEL32(001B070C,?,000F8747,001B2514), ref: 00100235
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: 5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 535116098-3733170431
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d90f7bc4e18386c0080826f3579ab34c1c4816e20240e880b006369410c611b4
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 68142d5b474bff11c911134194ef257ca1e40a5843edc77efc56131b4fdd8460
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d90f7bc4e18386c0080826f3579ab34c1c4816e20240e880b006369410c611b4
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96918A70A04209EFCB14EF98D9919FDB7B2FF49308F108459F806AB292DB71AE55CB51
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,001421D0,?,?,00000034,00000800,?,00000034), ref: 0014B42D
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00142760
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,001421FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0014B3F8
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0014B355
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00142194,00000034,?,?,00001004,00000000,00000000), ref: 0014B365
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0014B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00142194,00000034,?,?,00001004,00000000,00000000), ref: 0014B37B
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 001427CD
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0014281A
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 9c4e2515b060b273661bba5df7a94d5228d3d60de65ebe43e418d19cdb05c7cb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0eddbdab8ab03c6f7e905b46c6c6aac8f1553a435e78164b463ff8e6a9d6ab9f
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9c4e2515b060b273661bba5df7a94d5228d3d60de65ebe43e418d19cdb05c7cb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2B412F72900218AFDB10DFA4CD85EDEBBB8EF15700F104099FA55B7191DB70AE85CBA1
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\mdPov8VTwi.exe,00000104), ref: 00111769
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 00111834
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 0011183E
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\Desktop\mdPov8VTwi.exe
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2506810119-3713574619
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6798baf5e3e0bea07a7af501f6ad2201ed03597c3a8252f0dddf8a5d08b4d69d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5e6b22feab55c3cd31a6ca8d60f49518d64f6b5ef0cc5edd61ad47c1ea814baf
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6798baf5e3e0bea07a7af501f6ad2201ed03597c3a8252f0dddf8a5d08b4d69d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 90319C71A04218BBCB29DF999881DDEFBFCEB95310B6141BAEA0497251D7708AC0CB90
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0014C306
• DeleteMenu.USER32(?,00000007,00000000), ref: 0014C34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,001B1990,0113C940), ref: 0014C395
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
• Opcode ID: 94ff7675728669b78ec4ab26f0da7d074ca6f6b3e08d7d165d0446105c338f27
• Instruction ID: ab372a5a6f5944e386ffbeecc3ef10cf80941bf812b943e907715db6f76578ab
• Opcode Fuzzy Hash: 94ff7675728669b78ec4ab26f0da7d074ca6f6b3e08d7d165d0446105c338f27
• Instruction Fuzzy Hash: 5941C0362063019FD724DF25D884B5ABBE8BF85320F008A1DF9A5972E1D770E904CBA2
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0017CC08,00000000,?,?,?,?), ref: 001744AA
• GetWindowLongW.USER32 ref: 001744C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 001744D7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
• Opcode ID: 268b3ef63b52c692f360c92bc713ee02208304323afd85e6496f30dab1dd0cdf
• Instruction ID: 4541eb9e976140dbc4292dc1f99d0f25815c691ebf7ad748e38de5ef878bc2d2
• Opcode Fuzzy Hash: 268b3ef63b52c692f360c92bc713ee02208304323afd85e6496f30dab1dd0cdf
• Instruction Fuzzy Hash: B8319E31210205AFDF218E78DC45BEA77B9EB09334F208715F979A21E1DB70EC909B50
APIs
  • Part of subcall function 0016335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00163077,?,?), ref: 00163378
• inet_addr.WSOCK32(?), ref: 0016307A
• _wcslen.LIBCMT ref: 0016309B
• htons.WSOCK32(00000000), ref: 00163106
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
• API String ID: 946324512-2422070025
• Opcode ID: 1c3f2bbbe98d32d3fe2080b99138bfd80be4d482feac9528c44af19473d65488
• Instruction ID: 62241129d6a822f64e687b6ed14f50f0f51c1ac1b9ef182e8b39405b8e4eb071
• Opcode Fuzzy Hash: 1c3f2bbbe98d32d3fe2080b99138bfd80be4d482feac9528c44af19473d65488
• Instruction Fuzzy Hash: C63104392002019FCB20CF28C985EAA77F0EF15318F248059E9258B392CB32EF85C761
APIs
• SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00173F40
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00173F54
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00173F78
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Window
                                                                                                                                                                                                                                                                                                                                                                              • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 26a95a9602bb9599f0e90b6890d5629f248daee21d24f890b608525678a7cc90
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a5661b528decea06666665d85b1944fc3362c6740b813ae1af9b6bf2cf47e18e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 26a95a9602bb9599f0e90b6890d5629f248daee21d24f890b608525678a7cc90
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2021BF32600229BFDF118F50DC46FEA3B75EB48754F114214FA19AB1D0D7B1A9909B90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00174705
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00174713
                                                                                                                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0017471A
                                                                                                                                                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
• Opcode ID: 12dfeafbe3ad0780a926686266f688d36e0a312ed2062c972ac6f8f00243390b
• Instruction ID: 1afceae5d28289c892fc20f3f543849632550a994166b29aaef284c13d40b680
• Opcode Fuzzy Hash: 12dfeafbe3ad0780a926686266f688d36e0a312ed2062c972ac6f8f00243390b
• Instruction Fuzzy Hash: 022190B5600208BFDB10DF64DCD1DA737BDEB9A3A8B004149FA049B391CB30EC51CAA0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: _wcslen
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 176396367-2734436370
• Opcode ID: b6fb28874debfffc9b64b9407792d8afa8685ef34bd324a8ada0d93adb1b708b
• Instruction ID: 803f1f6484dbfe184aba03a3176f571a9c1f78c46457b3473a1546ad6e23bcb3
• Opcode Fuzzy Hash: b6fb28874debfffc9b64b9407792d8afa8685ef34bd324a8ada0d93adb1b708b
• Instruction Fuzzy Hash: C3216D7210815166C331BB25EC02FB773D89FA5320F11842AF98D9B0A2EB919D42C2D5
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00173840
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00173850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00173876
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
• Opcode ID: 033c231e3dff40e07bcac00420cdf48e0a3e41769b81795a5280357417e70a2a
• Instruction ID: 0153998708b4d09059f0ae0e073f34c56ee3a4b38c23aa9a5a95caf778350849
• Opcode Fuzzy Hash: 033c231e3dff40e07bcac00420cdf48e0a3e41769b81795a5280357417e70a2a
• Instruction Fuzzy Hash: 29218E72610218BBEB258F54DC85FAB377EEF89760F118224F9589B190CB72DC5297A0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001), ref: 00154A08
                                                                                                                                                                                                                                                                                                                                                                              • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00154A5C
                                                                                                                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000000,?,?,0017CC08), ref: 00154AD0
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                                                                                              • String ID: %lu
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5a0706a0e38401b57da7ae50c2e3025aa0338c1c64108f33c0c4a887184d3008
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 61f92e42da769545f9f98e577fa46585b61a92c6f85ce871aec24895f8428105
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5a0706a0e38401b57da7ae50c2e3025aa0338c1c64108f33c0c4a887184d3008
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA310F75A00109AFDB11DF54C985EAA77F8EF05308F1480A9F909DB252D771EE85CBA1
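The function above brackets GetVolumeInformationW between SetErrorMode(00000001) (SEM_FAILCRITICALERRORS, which suppresses the "no disk" dialog) and SetErrorMode(00000000): the chain a drive-serial lookup produces, and the volume serial is a common machine-fingerprinting input for sandbox checks. The following is an added example, not part of the Joe Sandbox report or of the sample: a parser for the per-function entries in this section (API chain, subcall lines, API ID, String ID, Instruction Fuzzy Hash) plus a heuristic that flags entries whose own chain sets SEM_FAILCRITICALERRORS and then reads volume information. The input is a constructed copy of three entries from this section, trimmed to the fields the parser reads; the heuristic and all function names are the example's own, not Joe Sandbox signatures.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input: three function entries copied from this section of the
# report, with the memory-dump and opcode lines removed for brevity.
SAMPLE = """\
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00154A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00154A5C
• SetErrorMode.KERNEL32(00000000,?,?,0017CC08), ref: 00154AD0
Strings
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• Instruction Fuzzy Hash: AA310F75A00109AFDB11DF54C985EAA77F8EF05308F1480A9F909DB252D771EE85CBA1
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0017424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00174264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00174271
Strings
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• Instruction Fuzzy Hash: 7711E331240248BFEF209E29DC06FAB3BBCEF95B54F114514FA59E2091D371DC619B50
APIs
  • Part of subcall function 000E6B57: _wcslen.LIBCMT ref: 000E6B6A
  • Part of subcall function 00142DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00142DE4
• GetFocus.USER32 ref: 00142F78
• GetClassNameW.USER32(?,?,00000100), ref: 00142FC3
• EnumChildWindows.USER32(?,0014303B), ref: 00142FEB
Strings
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• Instruction Fuzzy Hash: CE11B4716002056BCF157FB09CC5EEE37AAAF94314F044079F919AB262DF3199858B60
"""

# One "• Name.MODULE(args), ref: ADDR" line; args and the subcall prefix are optional.
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)
FIELD_RE = re.compile(r"^\s*•\s*(?P<key>API ID|String ID|Instruction Fuzzy Hash):\s*(?P<val>.*)$")

SEM_FAILCRITICALERRORS = "00000001"  # Windows constant, as printed by the report


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str
    subcall_of: Optional[str] = None  # address of the callee when this is a subcall line


@dataclass
class FunctionEntry:
    calls: List[ApiCall] = field(default_factory=list)
    api_id: str = ""
    string_id: str = ""
    fuzzy_hash: str = ""

    @property
    def direct_chain(self) -> List[str]:
        """API names the function itself calls, in report order, subcalls excluded."""
        return [c.name for c in self.calls if c.subcall_of is None]


def parse_entries(text: str) -> List[FunctionEntry]:
    """Split the report text at each 'APIs' header and collect one entry per function."""
    entries: List[FunctionEntry] = []
    cur: Optional[FunctionEntry] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            cur = FunctionEntry()
            entries.append(cur)
            continue
        if cur is None:
            continue
        m = API_RE.match(line)
        if m:
            args = m.group("args").split(",") if m.group("args") else []
            cur.calls.append(ApiCall(m.group("name"), m.group("mod"), args, m.group("ref"), m.group("sub")))
            continue
        m = FIELD_RE.match(line)
        if m:
            key, val = m.group("key"), m.group("val").strip()
            if key == "API ID":
                cur.api_id = val
            elif key == "String ID":
                cur.string_id = val
            else:
                cur.fuzzy_hash = val
    return entries


def volume_serial_probe(entry: FunctionEntry) -> bool:
    """Heuristic (this example's own): SetErrorMode(SEM_FAILCRITICALERRORS) followed,
    in the function's own chain, by GetVolumeInformationW. That ordering is what a
    volume-serial lookup that wants to avoid the 'no disk' dialog looks like."""
    armed = False
    for c in entry.calls:
        if c.subcall_of is not None:
            continue
        if c.name == "SetErrorMode" and c.args[:1] == [SEM_FAILCRITICALERRORS]:
            armed = True
        elif c.name == "GetVolumeInformationW" and armed:
            return True
    return False


def flag_entries(text: str):
    """Return (first call address, API ID, Instruction Fuzzy Hash) for every flagged function."""
    return [(e.calls[0].ref, e.api_id, e.fuzzy_hash) for e in parse_entries(text) if volume_serial_probe(e)]


if __name__ == "__main__":
    for ref, api_id, fh in flag_entries(SAMPLE):
        print(f"{ref}  {api_id}  fuzzy={fh}")
```

The Instruction Fuzzy Hash returned with each hit is the value to pivot on: the same hash across other reports points at the same compiled routine, which is how a runtime-library function such as this one can be tied to a family of AutoIt-compiled samples rather than to this binary alone.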
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0017424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00174264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00174271
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: 376cf895730795db88218c2b0b7fb6ea1ffd804d99b80fce1e9110ceb6fb3369
• Instruction ID: 50453d11a8ed90d12171cf271fbc3654899316c79f611e93ca0aca2789b76ec6
• Opcode Fuzzy Hash: 376cf895730795db88218c2b0b7fb6ea1ffd804d99b80fce1e9110ceb6fb3369
• Instruction Fuzzy Hash: 7711E331240248BFEF209E29DC06FAB3BBCEF95B54F114514FA59E2091D371DC619B50
APIs
  • Part of subcall function 000E6B57: _wcslen.LIBCMT ref: 000E6B6A
  • Part of subcall function 00142DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00142DC5
  • Part of subcall function 00142DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00142DD6
  • Part of subcall function 00142DA7: GetCurrentThreadId.KERNEL32 ref: 00142DDD
  • Part of subcall function 00142DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00142DE4
• GetFocus.USER32 ref: 00142F78
  • Part of subcall function 00142DEE: GetParent.USER32(00000000), ref: 00142DF9
• GetClassNameW.USER32(?,?,00000100), ref: 00142FC3
• EnumChildWindows.USER32(?,0014303B), ref: 00142FEB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
• Opcode ID: 2da2ec7c9e44e9189083abe541c18a0c7770d804d616ea01f70ff5fd3aab4f37
• Instruction ID: 6d4907ae7203061c393224a53aabc735e37144674a244d62a8b9ecce8aba861b
• Opcode Fuzzy Hash: 2da2ec7c9e44e9189083abe541c18a0c7770d804d616ea01f70ff5fd3aab4f37
• Instruction Fuzzy Hash: CE11B4716002056BCF157FB09CC5EEE37AAAF94314F044079F919AB262DF3199858B60
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 001758C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 001758EE
• DrawMenuBar.USER32(?), ref: 001758FD
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3227129158-4108050209
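Each function record above lists its API chain in a fixed layout (`Name.Module(args), ref: address`) together with the fuzzy hashes and the similarity "API ID". The parser below is an added example, not Joe Sandbox's own code: it loads records in that layout into Python dicts so a chain can be searched across the whole dump (for instance, ProgIDFromCLSID followed later in the same function by CLSIDFromProgID, the COM ProgID round-trip seen further down). The sample text inside it is constructed from two of the report's records, and the `COM_ROUNDTRIP` heuristic is my own, not a Joe Sandbox signature.

```python
"""Parse Joe Sandbox per-function records into dicts and query their API chains.

Added example, not part of the report. SAMPLE is a constructed excerpt that
copies the layout of two records from the report.
"""
import re
from collections import defaultdict

SAMPLE = """\
• Opcode ID: 2da2ec7c9e44e9189083abe541c18a0c7770d804d616ea01f70ff5fd3aab4f37
• Instruction ID: 6d4907ae7203061c393224a53aabc735e37144674a244d62a8b9ecce8aba861b
• Instruction Fuzzy Hash: CE11B4716002056BCF157FB09CC5EEE37AAAF94314F044079F919AB262DF3199858B60
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 001758C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 001758EE
• DrawMenuBar.USER32(?), ref: 001758FD
Similarity
• API ID: Menu$InfoItem$Draw
• Opcode ID: 5beaeb1e33f8044362a307a0e73f3c5c240de88efecb8e6741b2770a41f3db11
• Instruction Fuzzy Hash: 76A15B766047009FC700DF29C885A6AB7E5FF89714F04885DF99AAB362DB70EE41CB91
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0017FC08,?), ref: 001405F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0017FC08,?), ref: 00140608
• CLSIDFromProgID.OLE32(?,?,00000000,0017CC40,000000FF,?,00000000,00000800,00000000,?,0017FC08,?), ref: 0014062D
• _memcmp.LIBVCRUNTIME ref: 0014064E
"""

# "Name.Module(args), ref: addr"; the parenthesised argument list is optional
# (e.g. "_memcmp.LIBVCRUNTIME ref: 0014064E").
API_RE = re.compile(
    r"^•\s*(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# "• Key: value" metadata lines (Opcode ID, Instruction Fuzzy Hash, API ID, ...).
FIELD_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+?):\s*(?P<value>.*)$")


def parse_records(text):
    """Split the dump into records; a new record starts at every 'Opcode ID' line."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = API_RE.match(line)
        if m and cur is not None:
            cur["apis"].append({
                "name": m.group("name"),
                "module": m.group("module"),
                "args": [a for a in (m.group("args") or "").split(",") if a],
                "ref": int(m.group("ref"), 16),
            })
            continue
        m = FIELD_RE.match(line)
        if m:
            key, value = m.group("key"), m.group("value")
            if key == "Opcode ID":
                cur = {"opcode_id": value, "fields": {}, "apis": []}
                records.append(cur)
            elif cur is not None:
                cur["fields"][key] = value
    return records


def api_chain(record):
    """API names in call-site order (the 'ref' address is the call site)."""
    return [a["name"] for a in sorted(record["apis"], key=lambda a: a["ref"])]


def contains_subsequence(chain, pattern):
    """True if every name in pattern occurs in chain, in order (gaps allowed)."""
    it = iter(chain)
    return all(p in it for p in pattern)


# Hypothetical heuristic (mine, not a sandbox signature): a CLSID -> ProgID -> CLSID
# round trip, i.e. ProgIDFromCLSID followed later in the same function by CLSIDFromProgID.
COM_ROUNDTRIP = ("ProgIDFromCLSID", "CLSIDFromProgID")


def find_records_with_chain(records, pattern):
    return [r["opcode_id"] for r in records if contains_subsequence(api_chain(r), pattern)]


def index_by_api(records):
    """Map 'MODULE!Name' -> set of opcode IDs that call it, for quick lookups."""
    idx = defaultdict(set)
    for r in records:
        for a in r["apis"]:
            idx[f'{a["module"]}!{a["name"]}'].add(r["opcode_id"])
    return idx


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for r in recs:
        print(r["opcode_id"][:16], r["fields"].get("API ID", ""), api_chain(r))
    print("COM round-trip in:", find_records_with_chain(recs, COM_ROUNDTRIP))
```

Feed it the text of an exported report instead of `SAMPLE` to locate every function calling a given import (`index_by_api(...)["OLE32!CoTaskMemFree"]`) or matching an ordered chain; the "Associated"/"Source File" lines are kept as plain fields so the result can be tied back to the memory dump they came from.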
• Opcode ID: 9659be3a1f302a847797d9a03ad40db6e8d3c1b5631d573f4e010570d32203e7
• Instruction ID: 9b9b8c92197c0fb193c67957560e7412781d4c9a0e3d442bb1a96b96038835a8
• Opcode Fuzzy Hash: 9659be3a1f302a847797d9a03ad40db6e8d3c1b5631d573f4e010570d32203e7
• Instruction Fuzzy Hash: 91015731600219EEDB219F11DC44BAEBBB5FF45364F10C0A9E94DDA162EB718AC4EF61
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: daf402e4a889023a9ae3132a5b861b60915471737acf555289ed4139056b22bb
• Instruction ID: 699ed8469d68c7e5b84759557911c45f5b72a7f48bcc7d2298d384a6224085fa
• Opcode Fuzzy Hash: daf402e4a889023a9ae3132a5b861b60915471737acf555289ed4139056b22bb
• Instruction Fuzzy Hash: 05C17D75A00206EFCB15CFA5C894EAEBBB5FF48704F118598E605EB261D771EE81CB90
APIs
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: __alldvrm$_strrchr
• String ID:
• API String ID: 1036877536-0
• Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
• Instruction ID: e29c0a93f0b1bd96f96930bfcbd3a4573bb69aed84b57cfabc02a320cc3ef366
• Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
• Instruction Fuzzy Hash: 3BA13472E00296AFEB29CE18C8917EEBBE4EF65350F1841BDE5959B281C33499C2C751
APIs
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Variant$ClearInitInitializeUninitialize
• String ID:
• API String ID: 1998397398-0
• Opcode ID: 5beaeb1e33f8044362a307a0e73f3c5c240de88efecb8e6741b2770a41f3db11
• Instruction ID: 69eaf52142e97701d500bf3c04cafcaee83e9f6c8166e59c6453373216443369
• Opcode Fuzzy Hash: 5beaeb1e33f8044362a307a0e73f3c5c240de88efecb8e6741b2770a41f3db11
• Instruction Fuzzy Hash: 76A15B766047009FC700DF29C885A6AB7E5FF89714F04885DF99AAB362DB70EE41CB91
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0017FC08,?), ref: 001405F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0017FC08,?), ref: 00140608
• CLSIDFromProgID.OLE32(?,?,00000000,0017CC40,000000FF,?,00000000,00000800,00000000,?,0017FC08,?), ref: 0014062D
• _memcmp.LIBVCRUNTIME ref: 0014064E
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 314563124-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 99459caba824a34acf26e00a25e0af8d75fd8cbcae5e2ddcc817d86087dc3090
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0e80d0a90c1c05c05056da6778d040f3d6d7ed403a5b6766f6dbfd8eebc56f12
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 99459caba824a34acf26e00a25e0af8d75fd8cbcae5e2ddcc817d86087dc3090
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6F811B71A00109EFCB05DF95C984EEEB7B9FF89315F204558E606AB260DB71AE46CF60
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32 ref: 0016A6AC
                                                                                                                                                                                                                                                                                                                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 0016A6BA
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
                                                                                                                                                                                                                                                                                                                                                                              • Process32NextW.KERNEL32(00000000,?), ref: 0016A79C
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0016A7AB
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000FCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00123303,?), ref: 000FCE8A
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a5eca818b933a567eda395d0a5a818c3b815c6da7f456105b8d4b7df683a22fa
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6d9568bee84b96d8e806b76b1fe103f1965e8667a9b8fb6769efc06086abedaf
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a5eca818b933a567eda395d0a5a818c3b815c6da7f456105b8d4b7df683a22fa
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EE517F715083419FD310EF25C886EABBBE8FF89754F40492DF589A7252EB31D944CB92
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _free
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a994c1e8d45c78da9db4eb6cc6206855e30abb9b484ae4382577a64aa96f1415
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 12cb7ce6b87c96d27c129a4e87e9d87d18125df1e51a87a9907cdffe7476fc6d
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a994c1e8d45c78da9db4eb6cc6206855e30abb9b484ae4382577a64aa96f1415
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3B415831A00164BBDB25FBB8BC466AE3AA5EF71330F14027AF41CD61D1E77088A192A1
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 001762E2
                                                                                                                                                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00176315
                                                                                                                                                                                                                                                                                                                                                                              • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00176382
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
• Opcode ID: 1c3cc7f049e19a2448bad41d5c766d54f04419adc5ce8a069ead2c3d73684a17
• Instruction ID: 88f4a5fcc87f980ac7ba3ffc4842152983402ca78e459c5d6375ec845ff20c41
• Opcode Fuzzy Hash: 1c3cc7f049e19a2448bad41d5c766d54f04419adc5ce8a069ead2c3d73684a17
• Instruction Fuzzy Hash: C4515C74A00649EFDF10DF68D8809AE7BB6FF55364F108269F8199B2A1D730ED81CB90
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00161AFD
• WSAGetLastError.WSOCK32 ref: 00161B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00161B8A
• WSAGetLastError.WSOCK32 ref: 00161B94
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
• Opcode ID: 595329d58ecf1d1103645e755037c3213f19149cdb3461086bcc7b7af3911221
• Instruction ID: f60d896edd6bcc9293443bc6398139e4ec88888b8cc037627264bc9324fe8c18
• Opcode Fuzzy Hash: 595329d58ecf1d1103645e755037c3213f19149cdb3461086bcc7b7af3911221
• Instruction Fuzzy Hash: 5141A1756002006FE720AF24D886F6977E5AB44718F58845CFA1A9F7D3D772ED418B90
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3d9c978f4bda2c8401d38b68942f84108a7cac7a5da58cf9236bbe4a952c8b84
• Instruction ID: e8a208ccc0ca08c61e32c12fb30375eb36f6cc52196cd2ff3b4f5e3aca7612c0
• Opcode Fuzzy Hash: 3d9c978f4bda2c8401d38b68942f84108a7cac7a5da58cf9236bbe4a952c8b84
• Instruction Fuzzy Hash: 51410A72A04314BFD728AF78CC81BAA7BE9EB98710F10853EF142DB6C1D77199918790
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00155783
• GetLastError.KERNEL32(?,00000000), ref: 001557A9
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 001557CE
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 001557FA
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
• Opcode ID: d490086e09c3579f09869b84c769a9068a97d1c06ce89c2348380e002869651f
• Instruction ID: 3cf1d266c5212b3c4a6054f91d0e64928052c1e7125f52d292fb0d9aa638a88f
• Opcode Fuzzy Hash: d490086e09c3579f09869b84c769a9068a97d1c06ce89c2348380e002869651f
• Instruction Fuzzy Hash: E9412C3A600A50DFCB11DF16C444A5EBBF2AF89321B598488EC5A6F362CB70FD45CB91
APIs
• MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00106D71,00000000,00000000,001082D9,?,001082D9,?,00000001,00106D71,8BE85006,00000001,001082D9,001082D9), ref: 0011D910
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0011D999
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0011D9AB
• __freea.LIBCMT ref: 0011D9B4
  • Part of subcall function 00113820: RtlAllocateHeap.NTDLL(00000000,?,001B1444,?,000FFDF5,?,?,000EA976,00000010,001B1440,000E13FC,?,000E13C6,?,000E1129), ref: 00113852
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
APIs
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00175352
• GetWindowLongW.USER32(?,000000F0), ref: 00175375
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00175382
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 001753A8
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: LongWindow$InvalidateMessageRectSend
• String ID:
• API String ID: 3340791633-0
APIs
• GetKeyboardState.USER32(?,7694C0D0,?,00008000), ref: 0014ABF1
• SetKeyboardState.USER32(00000080,?,00008000), ref: 0014AC0D
• PostMessageW.USER32(00000000,00000101,00000000), ref: 0014AC74
• SendInput.USER32(00000001,?,0000001C,7694C0D0,?,00008000), ref: 0014ACC6
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
APIs
• ClientToScreen.USER32(?,?), ref: 0017769A
• GetWindowRect.USER32(?,?), ref: 00177710
• PtInRect.USER32(?,?,00178B89), ref: 00177720
• MessageBeep.USER32(00000000), ref: 0017778C
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 32ded3f5223f2d57405b2691fb40359453ef3c4633d7c099508d672dcc43e31a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0210409f10b178638f1ec456f5c36a7a252c422ff05a1d4a54ef0748f8867ed9
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 32ded3f5223f2d57405b2691fb40359453ef3c4633d7c099508d672dcc43e31a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 43419E34605254EFDB19CF58C898EA977F5FF49318F1581A8E4189F2A1C731E981CF90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 001716EB
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00143A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00143A57
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00143A3D: GetCurrentThreadId.KERNEL32 ref: 00143A5E
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00143A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,001425B3), ref: 00143A65
                                                                                                                                                                                                                                                                                                                                                                              • GetCaretPos.USER32(?), ref: 001716FF
                                                                                                                                                                                                                                                                                                                                                                              • ClientToScreen.USER32(00000000,?), ref: 0017174C
                                                                                                                                                                                                                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 00171752
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2759813231-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 11d5158260d512a8e2ee9445368ea116cf4d799c68e2377427ff859eb60cb881
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 35594f694ba107c116d355b692f0798fd1a82b54bf26a7b4cf5fadb55c960140
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 11d5158260d512a8e2ee9445368ea116cf4d799c68e2377427ff859eb60cb881
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 85315271D00149AFD704DFAAC881CEEB7F9EF58304B548069E419E7212D7319E45CBA0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000F9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 000F9BB2
                                                                                                                                                                                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 00179001
                                                                                                                                                                                                                                                                                                                                                                              • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00137711,?,?,?,?,?), ref: 00179016
                                                                                                                                                                                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 0017905E
                                                                                                                                                                                                                                                                                                                                                                              • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00137711,?,?,?), ref: 00179094
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2864067406-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0b2a73add2ab6b29a5947f749f9d57ecbcdf57499a718b1c424175a6437b3d33
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b0801613a44fe8d68c10ad9a45f19a214dc3a1c395baaf9527565cbd938763df
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0b2a73add2ab6b29a5947f749f9d57ecbcdf57499a718b1c424175a6437b3d33
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B217F35610018FFDB258F94C858EFA7BF9FB89350F148159F9099B261C7319990DBA0
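The "APIs" blocks above list, per function, the Win32 calls the IDA plugin resolved, with nested lines for calls made inside a subroutine. The chain GetForegroundWindow → GetWindowThreadProcessId → AttachThreadInput → GetCaretPos → ClientToScreen is worth reading as a unit: GetCaretPos only reports the caret of the calling thread's own input queue, so the binary attaches its thread to the foreground window's thread first, then converts the client-relative caret position to screen coordinates. When triaging many such entries it is easier to pull the call chains out as data than to read them by eye. The following script is an added example, not part of the Joe Sandbox report or the AutoIt runtime: it parses report lines in the format shown above and applies a few hypothetical API-set rules (rule names and the rule list are my own, not Joe Sandbox signatures). The two sample inputs are constructed by copying the caret entry above and the GetFileAttributesW/CreateDirectoryW entry further down.

```python
import re

# Constructed sample input: the "APIs" lines of two function summaries copied
# from this report. Indented "Part of subcall function" lines are calls made
# by the callee, which the report nests under the caller's entry.
SAMPLE_CARET = """\
• GetForegroundWindow.USER32 ref: 001716EB
  • Part of subcall function 00143A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00143A57
  • Part of subcall function 00143A3D: GetCurrentThreadId.KERNEL32 ref: 00143A5E
  • Part of subcall function 00143A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,001425B3), ref: 00143A65
• GetCaretPos.USER32(?), ref: 001716FF
• ClientToScreen.USER32(00000000,?), ref: 0017174C
• GetForegroundWindow.USER32 ref: 00171752
"""

SAMPLE_MKDIR = """\
• GetFileAttributesW.KERNEL32(?,0017CB68), ref: 0014D2FB
• GetLastError.KERNEL32 ref: 0014D30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 0014D319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0017CB68), ref: 0014D376
"""

# One report line: optional subcall prefix, Api.MODULE, optional (args), ref: ADDR
LINE_RE = re.compile(
    r"""^\s*•\s*
        (?:Part\ of\ subcall\ function\ (?P<callee>[0-9A-Fa-f]+):\s*)?
        (?P<api>\w+)\.(?P<module>\w+)
        (?:\((?P<args>[^)]*)\))?
        ,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$""",
    re.VERBOSE,
)


def parse_apis(text):
    """Turn the APIs block of one function summary into a list of call records."""
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            # Fail loudly on format drift rather than silently dropping a call.
            raise ValueError(f"unrecognised report line: {line!r}")
        args = m.group("args")
        calls.append({
            "api": m.group("api"),
            "module": m.group("module"),
            "args": [a.strip() for a in args.split(",")] if args is not None else [],
            "ref": m.group("ref"),
            # Address of the subroutine when the call was made from a subcall, else None.
            "callee": m.group("callee"),
        })
    return calls


# Hypothetical triage rules (my names, not Joe Sandbox signatures): a rule
# fires when every listed API appears in the same function's call set.
RULES = [
    ("caret_read_cross_thread", {"AttachThreadInput", "GetCaretPos", "ClientToScreen"}),
    ("create_dir_if_missing", {"GetFileAttributesW", "CreateDirectoryW"}),
    ("popup_menu_at_cursor", {"GetCursorPos", "TrackPopupMenuEx"}),
]


def match_rules(calls):
    """Return the names of rules whose required API set is fully present in calls."""
    present = {c["api"] for c in calls}
    return [name for name, required in RULES if required <= present]


if __name__ == "__main__":
    for label, text in (("caret", SAMPLE_CARET), ("mkdir", SAMPLE_MKDIR)):
        calls = parse_apis(text)
        print(label, [c["api"] for c in calls], "->", match_rules(calls))
```

The rules match on the set of APIs within one function summary, not on call order; for a chain like the caret read that is enough, because the nesting in the report already tells you AttachThreadInput sits in a helper called before GetCaretPos. Extending a rule to check order would mean comparing the `ref` addresses, which the parser keeps for that purpose.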
APIs
• GetFileAttributesW.KERNEL32(?,0017CB68), ref: 0014D2FB
• GetLastError.KERNEL32 ref: 0014D30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 0014D319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0017CB68), ref: 0014D376
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
• Opcode ID: 5fd8817b26589ee964e678f2431b8ea0a5435207c7de7bee23c26f2db039dcb5
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: fbbad839d4bd573f032db5c381f460dce77f2a7bf00b5c2d1d322dd840ad1279
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5fd8817b26589ee964e678f2431b8ea0a5435207c7de7bee23c26f2db039dcb5
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D2219FB05092019F8B10DF28D8818AA77E4BF56364F504A5DF499D32B2DB30DD85CB93
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00141014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0014102A
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00141014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00141036
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00141014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00141045
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00141014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0014104C
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00141014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00141062
                                                                                                                                                                                                                                                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 001415BE
                                                                                                                                                                                                                                                                                                                                                                              • _memcmp.LIBVCRUNTIME ref: 001415E1
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00141617
                                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0014161E
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1592001646-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2f8a23997a91c6ef5c20e70ad9060cdcc2f8b535b31ef38ade902f434235717f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a4927a8ce43ca1f2da34dde38ab5e4ebc84548f29e9543c0da2443abef5b23c9
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2f8a23997a91c6ef5c20e70ad9060cdcc2f8b535b31ef38ade902f434235717f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BA219A31E00208FFDF00DFA4C945BEEB7B8EF84354F098459E445AB261E770AA85CBA0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 0017280A
                                                                                                                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00172824
                                                                                                                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00172832
                                                                                                                                                                                                                                                                                                                                                                              • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00172840
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: c9541a9a5a0d16a92c5bc6dbc6973c1d6c12ae2b3d8142db7ffc7b1a02d368be
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 88bf8f6947e42c532898a6e354e60902f53ec9c7a10181b7247fd7cc3aee61f0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c9541a9a5a0d16a92c5bc6dbc6973c1d6c12ae2b3d8142db7ffc7b1a02d368be
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7C21AF31608511AFD7189B24C845FAA7BA5AF95324F14815CF42A8B6E2CB72FC83CBD1
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00148D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0014790A,?,000000FF,?,00148754,00000000,?,0000001C,?,?), ref: 00148D8C
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00148D7D: lstrcpyW.KERNEL32(00000000,?,?,0014790A,?,000000FF,?,00148754,00000000,?,0000001C,?,?,00000000), ref: 00148DB2
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00148D7D: lstrcmpiW.KERNEL32(00000000,?,0014790A,?,000000FF,?,00148754,00000000,?,0000001C,?,?), ref: 00148DE3
                                                                                                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00148754,00000000,?,0000001C,?,?,00000000), ref: 00147923
                                                                                                                                                                                                                                                                                                                                                                              • lstrcpyW.KERNEL32(00000000,?,?,00148754,00000000,?,0000001C,?,?,00000000), ref: 00147949
                                                                                                                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(00000002,cdecl,?,00148754,00000000,?,0000001C,?,?,00000000), ref: 00147984
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: lstrcmpilstrcpylstrlen
• String ID: cdecl
• API String ID: 4031866154-3896280584
• Opcode ID: bb247c040240c01e8d2dc325f18d88d66955e07b842d796e8b552908c557ccbe
• Instruction ID: 6432c1c01889fa4db9773b94f1bb78df7751d94bad87ca68c9c3c0ebb7b0f29b
• Opcode Fuzzy Hash: bb247c040240c01e8d2dc325f18d88d66955e07b842d796e8b552908c557ccbe
• Instruction Fuzzy Hash: AF11263A200342ABCB15AF34C844D7A77A9FF95364B40402AF906C72B4EF319841C7A1
APIs
• GetWindowLongW.USER32(?,000000F0), ref: 00177D0B
• SetWindowLongW.USER32(00000000,000000F0,?), ref: 00177D2A
• SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00177D42
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0015B7AD,00000000), ref: 00177D6B
  • Part of subcall function 000F9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 000F9BB2
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Window$Long
• String ID:
• API String ID: 847901565-0
• Opcode ID: 5424f9f46459e137ce1df4bbe168c46f53cf95c533605bd139ecf7357ecd151e
• Instruction ID: 66c9712927b126583affd501524fa5442bea2d3f404e572bf30514cd45c5d7b8
• Opcode Fuzzy Hash: 5424f9f46459e137ce1df4bbe168c46f53cf95c533605bd139ecf7357ecd151e
• Instruction Fuzzy Hash: 7C11AF31604655AFCB209FA9CC04AA63BB5BF49364F168728F83DD72F0D73199A0CB90
APIs
• SendMessageW.USER32(?,00001060,?,00000004), ref: 001756BB
• _wcslen.LIBCMT ref: 001756CD
• _wcslen.LIBCMT ref: 001756D8
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00175816
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID:
• API String ID: 455545452-0
• Opcode ID: de80f76472c7a5284bc8dce4c37b0b758c2c2a536c1842f994c970175af5ce98
• Instruction ID: 43700a5995dc99a82fcae9072a31eda8453ec67a553ed26c9abe5c98100aec63
• Opcode Fuzzy Hash: de80f76472c7a5284bc8dce4c37b0b758c2c2a536c1842f994c970175af5ce98
• Instruction Fuzzy Hash: 3511D675A00608A6DB209F61CC85AEE777CFF14764F50C02AFA1DD6081E7F0D980CB60
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 234015fee35d76f8293b2c41df1f4860aee6b37d045a3c22c521d3c8b77b6d13
• Instruction ID: b4f2bca8e91f4126783e016b58d7b4ec629d0f64732f2b485d3660021605256b
• Opcode Fuzzy Hash: 234015fee35d76f8293b2c41df1f4860aee6b37d045a3c22c521d3c8b77b6d13
• Instruction Fuzzy Hash: 2A01A2B2209A1A7EFA1926B87CC5FABA65CDF513B8B310339F625511D2DB708CD04160
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00141A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00141A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00141A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00141A8A
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1e9e27b8990d9c39b0167d4b6affae4a55e03a1b4fdbad79b0cf177455e84f48
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 7f34bfcba3ca7ca1327b7331d95f488ba4f60c82b9af33df52450e2dd5ba58fe
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e9e27b8990d9c39b0167d4b6affae4a55e03a1b4fdbad79b0cf177455e84f48
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54113C3AD01219FFEB10DBA4CD85FADBB79EB04750F200495E604B7290D7716E90DB94
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 0014E1FD
                                                                                                                                                                                                                                                                                                                                                                              • MessageBoxW.USER32(?,?,?,?), ref: 0014E230
                                                                                                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0014E246
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0014E24D
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6af43c7bfef21d607a7bcd0c1779fd1ba90fd4579602ad99f478c88e9ffa9264
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b38916339c995665393525cc24e60e35dbbf8941d079afb809d8989b3cfcf029
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6af43c7bfef21d607a7bcd0c1779fd1ba90fd4579602ad99f478c88e9ffa9264
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FE110876904214BBC7019BA89C05E9F7FEDBB45320F414329F819E36A0D7B0898087A0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,?,0010CFF9,00000000,00000004,00000000), ref: 0010D218
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0010D224
                                                                                                                                                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 0010D22B
                                                                                                                                                                                                                                                                                                                                                                              • ResumeThread.KERNEL32(00000000), ref: 0010D249
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 173952441-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2eb0f05f17c5a865a4205946cc27e738117df33d5094f63fa647fdf5a540a82f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: af47b6da2c73ff088fc5dc64172fd815094fa3635c8bd1d31f34eef071cb0511
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2eb0f05f17c5a865a4205946cc27e738117df33d5094f63fa647fdf5a540a82f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B101F936805204BBD7216BE5EC05BAF7A69EF91730F104219F965961D0CFF0C981C7E0
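The per-function "APIs" entries above are only useful in bulk if they can be pulled into a structured form and the numeric message arguments resolved (SendMessageW with 0x00B0 and 0x00C9 are the edit-control messages EM_GETSEL and EM_LINEFROMCHAR; DefDlgProcW with 0x0020 is WM_SETCURSOR, all from winuser.h). Such GUI-runtime code is consistent with the compiled-AutoIt verdict in the signatures section and is not by itself the credential-flushing behaviour. The parser below is an added example, not part of the Joe Sandbox report or its tooling; it assumes the bullet format exactly as printed here (an "APIs" header opens each entry, "Similarity" closes it, sub-bullets are prefixed "Part of subcall function"), treats "?" arguments as unresolved, and carries only the three message constants that occur in this fragment. The sample input is constructed from lines of this report.

```python
"""Parse Joe Sandbox per-function 'APIs' listings and annotate window messages.

Added example, not part of the report. Assumptions: the bullet line format
shown in the listing, and the winuser.h constants in MESSAGE_NAMES.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# winuser.h message constants for the numeric Msg values seen in this fragment.
# Unknown values are reported as hex rather than guessed.
MESSAGE_NAMES = {
    0x0020: "WM_SETCURSOR",
    0x00B0: "EM_GETSEL",
    0x00C9: "EM_LINEFROMCHAR",
}

# APIs whose second argument is a window message identifier.
MESSAGE_APIS = {"SendMessageW", "SendMessageA", "PostMessageW", "PostMessageA",
                "DefDlgProcW", "DefWindowProcW"}

API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
KV_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")

# Constructed sample: lines copied from the function entries of this report.
SAMPLE = """\
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00141A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00141A59
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
Similarity
• API ID: MessageSend
• String ID:
• Instruction Fuzzy Hash: 54113C3AD01219FFEB10DBA4CD85FADBB79EB04750F200495E604B7290D7716E90DB94
APIs
• GetCurrentThreadId.KERNEL32 ref: 0014E1FD
• MessageBoxW.USER32(?,?,?,?), ref: 0014E230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0014E246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0014E24D
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
APIs
  • Part of subcall function 000F9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 000F9BB2
• DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00179F7A
"""


@dataclass
class ApiRef:
    api: str
    module: str
    args: List[str]
    ref: str                      # address of the call site in the dump
    subcall: Optional[str] = None  # set when the call sits in a callee

    def message(self) -> Optional[str]:
        """Name the window message when this call carries one; None otherwise."""
        if self.api not in MESSAGE_APIS or len(self.args) < 2 or self.args[1] == "?":
            return None
        value = int(self.args[1], 16)
        return MESSAGE_NAMES.get(value, f"0x{value:04X}")


@dataclass
class FunctionEntry:
    apis: List[ApiRef] = field(default_factory=list)
    meta: Dict[str, str] = field(default_factory=dict)


def parse_entries(text: str) -> List[FunctionEntry]:
    """Split a listing into entries; each entry begins at an 'APIs' header."""
    entries: List[FunctionEntry] = []
    current: Optional[FunctionEntry] = None
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("•"):          # section header
            section = line
            if section == "APIs":
                current = FunctionEntry()
                entries.append(current)
            continue
        if current is None:                   # bullets of a truncated leading entry
            continue
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                raw_args = m.group("args")
                args = [a.strip() for a in raw_args.split(",")] if raw_args else []
                current.apis.append(ApiRef(m.group("api"), m.group("mod"), args,
                                           m.group("ref"), m.group("sub")))
                continue
        m = KV_RE.match(line)                 # Memory Dump Source / Similarity bullets
        if m:
            current.meta[m.group("key").strip()] = m.group("val").strip()
    return entries


def summarize(entry: FunctionEntry) -> dict:
    """One triage record per function: imports, call sites, decoded messages."""
    messages = sorted({m for m in (a.message() for a in entry.apis) if m})
    return {
        "api_id": entry.meta.get("API ID", ""),
        "apis": [f"{a.module}!{a.api}" for a in entry.apis],
        "refs": [a.ref for a in entry.apis],
        "messages": messages,
        "instruction_fuzzy_hash": entry.meta.get("Instruction Fuzzy Hash", ""),
    }


if __name__ == "__main__":
    for rec in map(summarize, parse_entries(SAMPLE)):
        print(rec)
```

Feed it the whole exported listing instead of SAMPLE to count which entries touch CreateThread, clipboard or listen-socket APIs named in the signatures, and to match entries across samples by Instruction Fuzzy Hash.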
APIs
  • Part of subcall function 000F9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 000F9BB2
• GetClientRect.USER32(?,?), ref: 00179F31
• GetCursorPos.USER32(?), ref: 00179F3B
• ScreenToClient.USER32(?,?), ref: 00179F46
• DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00179F7A
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4127811313-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f3444c807d7d745e9e609c8ba98b44768760550bc4fdc76c909f0c48ef3c814e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 1b9fb42716390304416e76b4caf9b136adf32616a88ac387593b455138c4c718
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3444c807d7d745e9e609c8ba98b44768760550bc4fdc76c909f0c48ef3c814e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 74114532A0051ABBDB10EFA8D8899EE7BB9FB05311F408455F905E3140D730BAC5CBE1
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 000E604C
                                                                                                                                                                                                                                                                                                                                                                              • GetStockObject.GDI32(00000011), ref: 000E6060
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000030,00000000), ref: 000E606A
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ac0ff2b110d0112159df5f1dfbd1abe085f983e193ece955ea097b8d4c1f3771
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 083ada10d6531b6b9ca85e9226cc72eda3d04978adb48e2ccffc613ca30d50bd
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ac0ff2b110d0112159df5f1dfbd1abe085f983e193ece955ea097b8d4c1f3771
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EF116172501558BFEF565F95AC54EEB7BB9EF183A4F040216FA1462110D732ACA0DB90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • ___BuildCatchObject.LIBVCRUNTIME ref: 00103B56
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00103AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00103AD2
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00103AA3: ___AdjustPointer.LIBCMT ref: 00103AED
                                                                                                                                                                                                                                                                                                                                                                              • _UnwindNestedFrames.LIBCMT ref: 00103B6B
                                                                                                                                                                                                                                                                                                                                                                              • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00103B7C
                                                                                                                                                                                                                                                                                                                                                                              • CallCatchBlock.LIBVCRUNTIME ref: 00103BA4
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 737400349-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d72ebd49bd2e4d95381314a9a6e84a991be2835c129bce5d23be0461324989df
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A2014072100148BBDF115E95CC42EEB3F6DEF58758F044414FE9896161C772D961EBA0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,000E13C6,00000000,00000000,?,0011301A,000E13C6,00000000,00000000,00000000,?,0011328B,00000006,FlsSetValue), ref: 001130A5
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,0011301A,000E13C6,00000000,00000000,00000000,?,0011328B,00000006,FlsSetValue,00182290,FlsSetValue,00000000,00000364,?,00112E46), ref: 001130B1
                                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0011301A,000E13C6,00000000,00000000,00000000,?,0011328B,00000006,FlsSetValue,00182290,FlsSetValue,00000000), ref: 001130BF
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
• Opcode ID: 036211bad3518542d08adfee1d4ececf2dd1616dbc422ef1729f3d9d71d10fa0
• Instruction ID: ee0869c6d61cb86abb93c9976c7dbee5fb026f78facd6a4ab173c206ec546e72
• Opcode Fuzzy Hash: 036211bad3518542d08adfee1d4ececf2dd1616dbc422ef1729f3d9d71d10fa0
• Instruction Fuzzy Hash: DE01F732301632ABCB354B799C449AB7BE8AF0DB61B110634F929E3544DB21DAC1C7E0
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0014747F
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00147497
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 001474AC
• RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 001474CA
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Type$Register$FileLoadModuleNameUser
• String ID:
• API String ID: 1352324309-0
• Opcode ID: c4832b4c899ae91f1e5ac9323f6b0be2bf364faf89fd8b554bba09e810ca3638
• Instruction ID: ee146c39430ad01d54d9daeaea5c865c9c0e8398d26cc51b250365047218f777
• Opcode Fuzzy Hash: c4832b4c899ae91f1e5ac9323f6b0be2bf364faf89fd8b554bba09e810ca3638
• Instruction Fuzzy Hash: 4511ADB1209310ABE7208F14DC08BA27BFCEB00B10F14856DA61AD65A1D7B0E984DBA0
APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0014ACD3,?,00008000), ref: 0014B0C4
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0014ACD3,?,00008000), ref: 0014B0E9
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0014ACD3,?,00008000), ref: 0014B0F3
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0014ACD3,?,00008000), ref: 0014B126
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: 270ba9436cdc82beb3a32f4d2c5db0bc3f45c7f4c924206f6f07c8ec72e42407
• Instruction ID: 269b8f18a15d5087a516c335cc56549da43a1a5ad761c64025d7e8dd2f8328a4
• Opcode Fuzzy Hash: 270ba9436cdc82beb3a32f4d2c5db0bc3f45c7f4c924206f6f07c8ec72e42407
• Instruction Fuzzy Hash: 38115B71C0552CEBCF08AFE4E9A86FEBB78FF09711F114099E941B2191CB309690CB91
APIs
• GetWindowRect.USER32(?,?), ref: 00177E33
• ScreenToClient.USER32(?,?), ref: 00177E4B
• ScreenToClient.USER32(?,?), ref: 00177E6F
• InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00177E8A
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ClientRectScreen$InvalidateWindow
• String ID:
• API String ID: 357397906-0
• Opcode ID: 1a3bdd63a298da0d42f44aa358b53b462324cc46299eabec6f823937d9e6040b
• Instruction ID: 0a7ed6bed726fcafa9720a9a053b26930870032a6339b9d457b259e1a03a9b2d
• Opcode Fuzzy Hash: 1a3bdd63a298da0d42f44aa358b53b462324cc46299eabec6f823937d9e6040b
• Instruction Fuzzy Hash: F21186B9D0024AAFDB41CF98C8849EEBBF5FF08310F108056E915E3610D734AA94CF90
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00142DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00142DD6
• GetCurrentThreadId.KERNEL32 ref: 00142DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00142DE4
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2710830443-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a254073ba56e186e38500d141a96f3fbc11999f1ebb9df8cbf0c1dfeb37743e6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: ab3ec4f259cc6b395380d9ad2c9da7d9352256805dc2c9dc352745ad74dfe8d2
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a254073ba56e186e38500d141a96f3fbc11999f1ebb9df8cbf0c1dfeb37743e6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54E0ED71541624BAD7201BA29C4DEEB7E6CEB56BB1F800119F509D15909BA589C1C6F0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000F9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 000F9693
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000F9639: SelectObject.GDI32(?,00000000), ref: 000F96A2
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000F9639: BeginPath.GDI32(?), ref: 000F96B9
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000F9639: SelectObject.GDI32(?,00000000), ref: 000F96E2
                                                                                                                                                                                                                                                                                                                                                                              • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00178887
                                                                                                                                                                                                                                                                                                                                                                              • LineTo.GDI32(?,?,?), ref: 00178894
                                                                                                                                                                                                                                                                                                                                                                              • EndPath.GDI32(?), ref: 001788A4
                                                                                                                                                                                                                                                                                                                                                                              • StrokePath.GDI32(?), ref: 001788B2
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: dd248918bf355058820583f35693b8b59b8e96800bfcb3cd730a280c3aefdf54
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d28d8cb22436fdebc173ba2b0dc2b4271ad39c10a6dfa83c92a2f35e41294a41
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dd248918bf355058820583f35693b8b59b8e96800bfcb3cd730a280c3aefdf54
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B8F05E3A041258FADB126F94AC0DFCE3F69AF0A310F448104FB15654E2C7755591DFE5
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetSysColor.USER32(00000008), ref: 000F98CC
                                                                                                                                                                                                                                                                                                                                                                              • SetTextColor.GDI32(?,?), ref: 000F98D6
                                                                                                                                                                                                                                                                                                                                                                              • SetBkMode.GDI32(?,00000001), ref: 000F98E9
                                                                                                                                                                                                                                                                                                                                                                              • GetStockObject.GDI32(00000005), ref: 000F98F1
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4037423528-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e0772469ccb1afd32da06ecac3e477f1f433a1c0a6fe4cee2b76caad9507c5bd
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2385c1c266ae24dc4cdee045017812eabe1edac82e7e82b97aafe5d9134c054f
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e0772469ccb1afd32da06ecac3e477f1f433a1c0a6fe4cee2b76caad9507c5bd
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 46E06D31244284EBDB215B78AC09BE83F61AB52336F14822DF6FA584E1C3B246C09B10
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 00141634
                                                                                                                                                                                                                                                                                                                                                                              • OpenThreadToken.ADVAPI32(00000000,?,?,?,001411D9), ref: 0014163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,001411D9), ref: 00141648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,001411D9), ref: 0014164F
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CurrentOpenProcessThreadToken
• String ID:
• API String ID: 3974789173-0
• Opcode ID: 150ca14f20c06a7499e8a934ac65e90276a5455c98be4bc58183d1b0153dc845
• Instruction ID: 639cab8a0b76fd1b50769e372537eecb31090509e6e2366ff1b868aeed0b42bc
• Opcode Fuzzy Hash: 150ca14f20c06a7499e8a934ac65e90276a5455c98be4bc58183d1b0153dc845
• Instruction Fuzzy Hash: 19E08C36602211EBD7201FA0AE0DB873B7CAF54792F15880CF24AD90A0E77484C0CBE4
APIs
• GetDesktopWindow.USER32 ref: 0013D858
• GetDC.USER32(00000000), ref: 0013D862
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 0013D882
• ReleaseDC.USER32(?), ref: 0013D8A3
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: 81a9d5d9dbae0a6ec7946733cd73688509221c30ca035285cacc1ebfee8b1e38
• Instruction ID: cf39250026b767f00d24f1d5859545affa10e729d56aae77973a84856239f620
• Opcode Fuzzy Hash: 81a9d5d9dbae0a6ec7946733cd73688509221c30ca035285cacc1ebfee8b1e38
• Instruction Fuzzy Hash: 6DE01AB4800204DFCB41AFA0E848A6DBBB2FB08310F208059F80AE7750CB3859C1AF80
APIs
• GetDesktopWindow.USER32 ref: 0013D86C
• GetDC.USER32(00000000), ref: 0013D876
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 0013D882
• ReleaseDC.USER32(?), ref: 0013D8A3
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: 0134d8476dc5d8338262e96d8a45ef34a15d7dbc9d49f370607cfb3ada93179f
• Instruction ID: 8f61553948aa0e42252a9b3c3576497196671dedb7ef486827b6f5d7d4caa9e9
• Opcode Fuzzy Hash: 0134d8476dc5d8338262e96d8a45ef34a15d7dbc9d49f370607cfb3ada93179f
• Instruction Fuzzy Hash: 6DE09A75800204DFCB51AFA1D84866DBBB5BB08311B148459F95AE7750DB395981AF90
APIs
• Part of subcall function 000E7620: _wcslen.LIBCMT ref: 000E7625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00154ED4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
• API String ID: 1725874428-3443410124
• Opcode ID: 67b0cfb2743051fc10c5778fdc0fe18fd0a873d1f5af8e061b9272e82088d71e
• Instruction ID: d9bbb08e1740f85844457b3e7c4f70e38a37c7f5b7ff757872fa12837330b226
• Opcode Fuzzy Hash: 67b0cfb2743051fc10c5778fdc0fe18fd0a873d1f5af8e061b9272e82088d71e
• Instruction Fuzzy Hash: D8915F75A00244DFCB14DF58C484EAABBF1BF44308F198099E85A9F3A2D775ED89CB91
Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID: #
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a3ff3591377be16136da898227d673fa0aaf1a9e44870ea1821c8b8e30698e86
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f2eb93e6efb17880b1169175af9f965b6a84b08867b3a57a0cfaf5b45d8bb69c
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a3ff3591377be16136da898227d673fa0aaf1a9e44870ea1821c8b8e30698e86
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F851123590038ADFDB29DF68C481AFE7BE4EF55310F244059E991AB2E1E7349D82DB90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000), ref: 000FF2A2
                                                                                                                                                                                                                                                                                                                                                                              • GlobalMemoryStatusEx.KERNEL32(?), ref: 000FF2BB
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: efb54d6f29b2ad0d29ec8f1e2e45cfdd91153e5eeeb2398b6748d1c9016d8293
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b6529731c4d37cd4cf502e14d545c969c41ab312b1f12c8fb89e581c2edfd920
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: efb54d6f29b2ad0d29ec8f1e2e45cfdd91153e5eeeb2398b6748d1c9016d8293
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C75128714087859FE320AF11E886BABBBF8FB84300F81485DF19951196EB718569CB66
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 001657E0
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 001657EC
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 017d9ba18240007f2e1cc2261e31234cea31e9b683c12bf74301175936cd17e5
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9344e1aacb9de406b21133a5e7bb76d43c2e2652cfeff256526c183ead6b138c
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 017d9ba18240007f2e1cc2261e31234cea31e9b683c12bf74301175936cd17e5
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 80419171E002099FCB14DFAAC8819FEBBBAFF59324F544069E505A7292E7709D91CB90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 0015D130
                                                                                                                                                                                                                                                                                                                                                                              • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0015D13A
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
• Opcode ID: cd87cfff64160869b73d4bed26b18f146162e7f02e6d9a1a15073e769e44d706
• Instruction ID: c26500f886c34ad17f60948bb6eeb62f45d4f458f645f2660984a17aeef8536a
• Opcode Fuzzy Hash: cd87cfff64160869b73d4bed26b18f146162e7f02e6d9a1a15073e769e44d706
• Instruction Fuzzy Hash: 8E311B71D00109AFCF15EFA5DC85AEE7FB9FF18340F000059E815B6262DB31A946CB60
APIs
• DestroyWindow.USER32(?,?,?,?), ref: 00173621
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0017365C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Window$DestroyMove
• String ID: static
• API String ID: 2139405536-2160076837
• Opcode ID: 2a84207ae0713abbb3227ca4d3ddbd2626d0153a265ab62944ccac7919d9b81c
• Instruction ID: b3b52d72401e0e5cdfb8711827bbbeb20e610615583f0038670cc0b50f8be79b
• Opcode Fuzzy Hash: 2a84207ae0713abbb3227ca4d3ddbd2626d0153a265ab62944ccac7919d9b81c
• Instruction Fuzzy Hash: 38318B71100204AEDB149F28DC80EFB73B9FF98760F10C619F9A997280DB31AE81E760
APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0017461F
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00174634
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
• Opcode ID: 0d77d067e01fce49b54a5d0a9ab5e3c3672af700ee760851ce676fe897d707a8
• Instruction ID: ef382d2e829bc34d3a571adb514371022279cdd839cdb029bfabec9f741afc80
• Opcode Fuzzy Hash: 0d77d067e01fce49b54a5d0a9ab5e3c3672af700ee760851ce676fe897d707a8
• Instruction Fuzzy Hash: 44311874A01309AFDB14CFA9C991BDA7BB5FF49300F15816AE909AB351D770EA41CF90
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0017327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00173287
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
• Opcode ID: f3e8f8898cf009e43215913092ff416c92750aa0f5276bbf34b988010825bdc8
• Instruction ID: 857577fe91c1e128668585a9964df44cfd0ea6b157b9793110a2d0ec265ea430
• Opcode Fuzzy Hash: f3e8f8898cf009e43215913092ff416c92750aa0f5276bbf34b988010825bdc8
• Instruction Fuzzy Hash: 7411B2713002087FEF259E54DC84EFB377AEB983A4F118128F92CA7292D7319D51A760
APIs
  • Part of subcall function 000E600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 000E604C
  • Part of subcall function 000E600E: GetStockObject.GDI32(00000011), ref: 000E6060
  • Part of subcall function 000E600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 000E606A
• GetWindowRect.USER32(00000000,?), ref: 0017377A
• GetSysColor.USER32(00000012), ref: 00173794
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                                                                                                              • String ID: static
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a8e4fb7d8240d13d1855c0b652cbf51555f6fc82c05e5fd5384f18c57fba4807
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a522db3da00fe8f62619e50335f0a93df89cfa97eb77323ff01e2e1c0b7201aa
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a8e4fb7d8240d13d1855c0b652cbf51555f6fc82c05e5fd5384f18c57fba4807
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A113AB2610209AFDF05DFB8CC45EEA7BB8FB08354F014918F969E3250D735E9519B50
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0015CD7D
                                                                                                                                                                                                                                                                                                                                                                              • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0015CDA6
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                                                                                                                              • String ID: <local>
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: edc972bb7f24f7e41ab6035d0d5e0e7388d267ec59ec52076350ba6473e3ec80
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2c702f9519160ec978aa1f3c69ae235c2bbaa2b1a222e57a9c8f8e30caf7c8da
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: edc972bb7f24f7e41ab6035d0d5e0e7388d267ec59ec52076350ba6473e3ec80
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E11A375205735BED7284EA68C45FE7BEB8EB127A5F00422AB929C6080D7609888D6F0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowTextLengthW.USER32(00000000), ref: 001734AB
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 001734BA
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: edit
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: b6128af838ad2fd7978eda4cd93722ecc02724e3f0951232cc67a8f1c056d63b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: ce3dd5ebd2d382e47473e014ddcddf5e1c2f99078481e46ffb64d911bc4204ea
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6128af838ad2fd7978eda4cd93722ecc02724e3f0951232cc67a8f1c056d63b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A114F71100108AFEB164E64DC44AEB377AEB15774F508724FA7A971D0C772DD91A750
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
                                                                                                                                                                                                                                                                                                                                                                              • CharUpperBuffW.USER32(?,?,?), ref: 00146CB6
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00146CC2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
• API String ID: 1256254125-2411985666
• Opcode ID: 358f8419d90269baa354926a7c231c13943fcc617a6cb011e940e1bdb2cdd240
• Instruction ID: 803207b543994df75554f25067fb4dee7d742cd89d5e28aef32eac83b236d11c
• Opcode Fuzzy Hash: 358f8419d90269baa354926a7c231c13943fcc617a6cb011e940e1bdb2cdd240
• Instruction Fuzzy Hash: 15010432A005268BCB20AFFDCC808BF73B5EF667287500528E892A21A1EB31DC40C651
APIs
  • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
  • Part of subcall function 00143CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00143CCA
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00141D4C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: ca2dd83014c888a9ab32696e8162ba633c49a4e799b9b68b7697e9834c2f22f5
• Instruction ID: 93918f268cc2b10c586f0c38b4cea92f2cf840c15e4a34abd873827e404f33c5
• Opcode Fuzzy Hash: ca2dd83014c888a9ab32696e8162ba633c49a4e799b9b68b7697e9834c2f22f5
• Instruction Fuzzy Hash: 01012875A40214BBCB18FFE0CD55DFE7369EB12350B10091AF836673E2EB3059498660
APIs
  • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
  • Part of subcall function 00143CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00143CCA
• SendMessageW.USER32(?,00000180,00000000,?), ref: 00141C46
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: d563a710821470bc7eb66db5369783bbf3f772c6712a2bd55c65b015b5adb85a
• Instruction ID: 8c4e5807b624bd43df536fffc808837527919229cb9271271f0252480c0aff07
• Opcode Fuzzy Hash: d563a710821470bc7eb66db5369783bbf3f772c6712a2bd55c65b015b5adb85a
• Instruction Fuzzy Hash: 3201A7756811187ACB18FB90CE92AFF77A99B12340F540019B816772A2EB209F4986B1
APIs
  • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
  • Part of subcall function 00143CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00143CCA
• SendMessageW.USER32(?,00000182,?,00000000), ref: 00141CC8
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 4393375b4eb3e09fac7fea0a65c9a1af4ee34a98c9c627d5d80e53da55bdacd0
• Instruction ID: d37a26b13d1e37908b170105a716cb5a8162bb6246c88f96c067bacacb24b143
• Opcode Fuzzy Hash: 4393375b4eb3e09fac7fea0a65c9a1af4ee34a98c9c627d5d80e53da55bdacd0
• Instruction Fuzzy Hash: DD01D6756801187BCB18FBA1CF82AFE73A99B12340F940019B802732A2FB209F49C671
APIs
  • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
  • Part of subcall function 00143CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00143CCA
• SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00141DD3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 91f9cb778600f997d20ca38585be6a895075e5d9c033a08568472b304f4cc6e5
• Instruction ID: 52f62fcd41ec1b44d9277fb8753e158488f54838ca5996a39f63d43b8e5f195e
• Opcode Fuzzy Hash: 91f9cb778600f997d20ca38585be6a895075e5d9c033a08568472b304f4cc6e5
• Instruction Fuzzy Hash: 43F0F4B1F402147ACB18F7E4CD96BFE7378AB02350F440919B822732E2EB6059498260
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: _wcslen
• String ID: 3, 3, 16, 1
• API String ID: 176396367-3042988571
• Opcode ID: 12799d00d44bea2b7ccf1a25b953104a0a93bf1bd0485bfc04773a632b23585c
• Instruction ID: 79023715ef9816ad4ab8df994eccac8c6915fd174bf568286be95eafd1e644c7
• Opcode Fuzzy Hash: 12799d00d44bea2b7ccf1a25b953104a0a93bf1bd0485bfc04773a632b23585c
• Instruction Fuzzy Hash: 07E02B5620532011D2311279ACC5A7F5689DFDDB54710183BFEC1C22E6EFD48DA193A0
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00140B23
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
• Opcode ID: 36af22fb504e016ed7841049e3e1016693534898849f4d01b7ae617fd02e92b9
• Instruction ID: 4e5f3bbce9a0ea78679e47fe5db3e38cecea840392807dc1a54cf3454d31a7d4
• Opcode Fuzzy Hash: 36af22fb504e016ed7841049e3e1016693534898849f4d01b7ae617fd02e92b9
• Instruction Fuzzy Hash: C4E0DF322883082AD2143695BC43FD97A958F09B64F10446EFB8CA98C38BE2249056E9
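The per-function records in this report are what an analyst pivots on, but two of their fields need work before they are useful: each "ref" is a runtime address inside the dump whose stated base is 000E0000, so it must be rebased before it can be located in the unpacked PE or in IDA, and the uMsg argument the SendMessageW record passes (0000018B) only becomes meaningful once resolved to its winuser.h name. The Python below is an added example, not Joe Sandbox code or part of this report's tooling: it parses the record text as it appears on this page into structured objects, rebases the refs to RVAs using the "Offset:" line of each record's Memory Dump Source, resolves the window message, and lists debugger-related API calls. The sample input is three records copied from this report (the SendMessageW, MessageBoxW and IsDebuggerPresent functions) with their Associated and hash lines trimmed; the message table and the set of APIs treated as debugger-related are this example's own choices.

```python
"""Parse Joe Sandbox per-function records (the repeating 'APIs / Strings /
Memory Dump Source / Similarity' blocks) and rebase their runtime 'ref'
addresses to PE RVAs. Added example; not Joe Sandbox code."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Sample input: three records copied from this report, trimmed of the
# Associated and hash lines that the parser does not need.
SAMPLE = """\
APIs
  • Part of subcall function 000E9CB3: _wcslen.LIBCMT ref: 000E9CBD
  • Part of subcall function 00143CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00143CCA
• SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00141DD3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00140B23
Strings
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
APIs
  • Part of subcall function 000FF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00100D71,?,?,?,000E100A), ref: 000FF7CE
• IsDebuggerPresent.KERNEL32(?,?,?,000E100A), ref: 00100D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,000E100A), ref: 00100D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00100D7F
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
"""

# One API line: optional "Part of subcall function XXXXXXXX: ", then
# Name.MODULE, optional (args), then ", ref: XXXXXXXX" (comma absent when no args).
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<parent>[0-9A-F]{8}): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-F]{8})$"
)
WINDOW_MESSAGES = {0x018B: "LB_GETCOUNT", 0x0146: "CB_GETCOUNT"}  # winuser.h values
ANTI_ANALYSIS_APIS = {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "OutputDebugStringW"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: int                          # runtime address as printed in the report
    subcall_of: Optional[int] = None  # set when the call sits in a callee, not this function


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)    # (string, xref address or None)
    similarity: dict = field(default_factory=dict)
    dump_base: Optional[int] = None                # the 'Offset:' of the Source File line

    def rva(self, va):
        """Rebase a runtime address from the dump to a PE-relative offset."""
        if self.dump_base is None:
            raise ValueError("record has no 'Offset:' in its Memory Dump Source")
        return va - self.dump_base

    def direct_calls(self):
        return [a for a in self.apis if a.subcall_of is None]

    def anti_analysis_hits(self):
        return sorted({a.name for a in self.apis if a.name in ANTI_ANALYSIS_APIS})


def parse_records(text):
    records, section, cur = [], None, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()   # drop indent and bullet
        if not line:
            continue
        if line == "APIs":                        # every function record starts here
            cur = FunctionRecord()
            records.append(cur)
            section = "APIs"
            continue
        if line in ("Strings", "Memory Dump Source", "Similarity"):
            section = line
            continue
        if cur is None:
            continue
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                args = m["args"].split(",") if m["args"] is not None else []
                parent = int(m["parent"], 16) if m["parent"] else None
                cur.apis.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16), parent))
        elif section == "Strings":
            s, sep, xref = line.rpartition(", xrefs: ")
            cur.strings.append((s if sep else line, int(xref, 16) if sep else None))
        elif section == "Memory Dump Source":
            m = re.search(r"Offset: ([0-9A-F]{8})", line)
            if m:
                cur.dump_base = int(m.group(1), 16)
        elif section == "Similarity":
            key, _, value = line.partition(": ")
            cur.similarity[key] = value
    return records


def decode_message(call):
    """For SendMessageW, resolve the uMsg argument (second parameter) to its name."""
    if call.name != "SendMessageW" or len(call.args) < 2:
        return None
    msg = int(call.args[1], 16)
    return WINDOW_MESSAGES.get(msg, f"0x{msg:04X}")
```

Two things the output makes visible that the raw records do not. First, the SendMessageW call at 00141DD3 is RVA 00061DD3 and sends LB_GETCOUNT to a window whose class was just checked against "ComboBox"/"ListBox", which is consistent with an AutoIt control-query routine rather than anything sample-specific. Second, the IsDebuggerPresent and OutputDebugStringW pair is flagged, but the accompanying string "ERROR : Unable to initialize critical section in CAtlBaseModule" is the ATL CAtlBaseModule constructor's failure path, where IsDebuggerPresent only gates whether the error is written to the debugger; treat that hit as compiler-runtime boilerplate and look for the sample's own anti-debug checks elsewhere.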
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 000FF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00100D71,?,?,?,000E100A), ref: 000FF7CE
                                                                                                                                                                                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,000E100A), ref: 00100D75
                                                                                                                                                                                                                                                                                                                                                                              • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,000E100A), ref: 00100D84
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00100D7F
Memory Dump Source
• Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
• Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0015302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00153044
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0017232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0017233F
  • Part of subcall function 0014E97B: Sleep.KERNEL32 ref: 0014E9F3
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0017236C
• PostMessageW.USER32(00000000), ref: 00172373
  • Part of subcall function 0014E97B: Sleep.KERNEL32 ref: 0014E9F3
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ed69845abe573ef3241f9611977dd4cfc410a1baf6299686c88f2c589fac1428
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6d5eecc9faae58654c066db7e41ff0a854b607cf2f043f673f414a994ea3f63e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed69845abe573ef3241f9611977dd4cfc410a1baf6299686c88f2c589fac1428
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4AD012363D1310BBE664B770DC4FFC67664AB15B14F00491AB749EA1E0CAF0B881CE94
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0011BE93
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0011BEA1
                                                                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0011BEFC
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2468504785.00000000000E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 000E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468394123.00000000000E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.000000000017C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2468878185.00000000001A2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470074059.00000000001AC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2470334519.00000000001B4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_e0000_mdPov8VTwi.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1717984340-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 37c4b5463764080bc1c39c80f408ef837b057e4adbccf036af06f2eab0a60a69
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2941d538eae3954aaac284f6c033012741090db0a192bd1f7d0c5e30cfd5907c
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 37c4b5463764080bc1c39c80f408ef837b057e4adbccf036af06f2eab0a60a69
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8741D434609207AFCF299F64CCC4AFA7BA5AF41320F254179F9599B1E1DB308D82CB60